Log analysis and evaluation: Smart Defragmenter
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
/// Winkelfunktion /// TB-Süch-Tiger™
Smart Defragmenter

Let's carry on for now. Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags

#2
Smart Defragmenter

Sorry for the delay. Over the last few days I have tried several times to get OTL to run, but unfortunately the program always hangs. At the start the process works, and then it gets stuck at "Scanning Firefox". I can no longer navigate in the window, "Not responding" appears at the top, and I can only close OTL via the Task Manager.

Any ideas? (I have actually switched off all programs.)

Regards, lin.x

#3
/// Winkelfunktion /// TB-Süch-Tiger™
Smart Defragmenter

Have you tried it in safe mode?

#4
Smart Defragmenter

Thanks, that did the trick. A lot of things sound very dubious, but I don't really know my way around this... (for example, all the dubious sites under "hosts file"?)

OTL Logfile:
Code:
OTL logfile created on: 07.04.2012 20:16:08 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 86,29% Memory free
7,75 Gb Paging File | 7,53 Gb Available in Paging File | 97,14% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 43,87 Gb Free Space | 20,10% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,87 Gb Free Space | 46,91% Space Free | Partition Type: NTFS

Computer Name: xxx-NOTEBOOK | User Name: xxx| Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.05 21:52:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.01.03 09:19:16 | 000,016,824 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.03 23:52:52 | 007,581,696 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2012.01.03 10:45:08 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.04.05 10:22:42 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.02 08:48:08 | 000,135,168 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009.07.05 20:40:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009.03.31 17:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009.03.31 17:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.30 07:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.05.08 00:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.01.24 08:13:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010.09.02 08:48:06 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2010.08.21 23:33:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.14 23:13:56 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.03 01:57:34 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.03.31 17:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.03.31 16:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009.03.06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008.12.31 04:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008.12.21 20:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.11.05 01:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 16:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 15:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.14 19:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.29 09:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.14 19:25:08 | 000,000,000 | ---D | M]

[2010.11.28 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.11.28 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.04 11:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions
[2012.01.16 11:15:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.04.02 13:56:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.26 16:43:03 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions\webmaster@keep-tube.com
[2011.05.02 05:19:44 | 000,002,289 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hcby53ez.default\searchplugins\ecosia.xml
[2012.04.02 13:56:53 | 000,002,112 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hcby53ez.default\searchplugins\wot-safe-search.xml
[2011.11.23 14:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\CONTEXTMENUEXTENSION@LEO.ORG.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\SHAREMENOT@FRANZIROESNER.COM.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
[2012.03.20 15:51:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 23:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.11 14:38:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 14:38:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.11 14:38:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.11 14:38:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 14:38:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 14:38:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.09.30 14:49:30 | 000,437,632 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15054 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77DDFD15-5F32-41E9-B841-8289AAE4EBE8}: DhcpNameServer = 172.31.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C281DDA3-1EB1-4078-A2D7-2963FDC7777E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Launch.exe
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell - "" = AutoRun
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Programme\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig - StartUpFolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Goodnight Timer - hkey= - key= - File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickSet - hkey= - key= - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UIExec - hkey= - key= - File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: Xvid - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ========== [2012.04.05 21:29:31 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.04.05 00:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.04.03 23:09:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Dell WebCam Central [2012.04.02 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.04.02 13:30:59 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\xxx\Desktop\unhide.exe [2012.04.02 11:00:36 | 000,000,000 | R--D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.04.01 21:28:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.04.01 21:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.01 21:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.01 21:27:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.01 21:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.01 21:20:28 | 000,000,000 | ---D | C] -- C:\avast! 
sandbox [2012.04.01 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD [2012.04.01 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\PDF24 [2012.04.01 11:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.04.01 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [2012.03.30 21:23:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\vlc [2012.03.30 21:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.03.30 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Tor Browser [2012.03.26 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Google [2012.03.26 11:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google ========== Files - Modified Within 30 Days ========== [2012.04.07 20:19:40 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.07 20:19:40 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.07 20:19:40 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.07 20:19:40 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.07 20:15:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.07 20:10:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.07 20:10:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.07 20:10:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.07 20:05:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.07 20:03:48 | 000,001,167 | ---- | M] () -- C:\Users\xxx\Desktop\otlcopy.rtf [2012.04.07 20:00:30 | 000,000,416 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job [2012.04.07 19:28:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.06 16:38:28 | 000,486,859 | ---- | M] () -- C:\Users\xxx\Desktop\nfpkurs.pdf [2012.04.05 21:52:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.04.05 11:13:21 | 000,010,752 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.04 01:38:05 | 000,002,907 | ---- | M] () -- C:\Users\xxx\Desktop\Syntagma.rtf [2012.04.03 15:29:50 | 000,000,513 | ---- | M] () -- C:\Users\xxx\Desktop\Desktop anzeigen - Verknüpfung.lnk [2012.04.03 14:34:38 | 000,002,617 | ---- | M] () -- C:\Users\xxx\Desktop\Dokument.rtf [2012.04.03 01:11:51 | 000,001,330 | ---- | M] () -- C:\Users\xxx\Desktop\eisen.rtf [2012.04.02 13:31:01 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\xxx\Desktop\unhide.exe [2012.04.02 12:17:44 | 000,008,521 | ---- | M] () -- C:\Users\xxx\Desktop\gmer_an.zip [2012.04.02 10:56:11 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2012.04.01 21:27:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.01 21:12:20 | 000,000,256 | ---- | M] () -- C:\ProgramData\tbEDQ75VFH2EJb [2012.04.01 14:52:08 | 000,005,722 | ---- | M] () -- C:\Users\xxx\Documents\TXCUserDictionary.dic [2012.04.01 11:58:10 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.03.29 09:44:12 | 000,376,919 | ---- | M] () -- C:\Users\xxx\Desktop\HackerCracker_eng.pdf [2012.03.28 19:11:01 | 000,284,285 | ---- | M] () -- C:\Users\xxx\Desktop\CONF_2011_Vatikiotis_Kosmas.pdf [2012.03.28 19:10:09 | 000,151,973 | ---- | M] () -- C:\Users\xxx\Desktop\WP262.pdf [2012.03.28 16:08:57 | 002,021,671 | ---- | M] () -- C:\Users\xxx\Desktop\Broschur_Griechen2_dt_1203.pdf [2012.03.26 22:44:57 | 000,018,644 | ---- | M] () -- C:\Users\xxx\Documents\Unbenannt 3.odt 
[2012.03.26 17:18:20 | 000,000,289 | ---- | M] () -- C:\Windows\WININIT.INI [2012.03.25 23:04:06 | 000,006,080 | ---- | M] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat [2012.03.25 22:08:02 | 000,009,139 | ---- | M] () -- C:\Users\xxx\Desktop\food.odt [2012.03.24 16:27:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.03.15 09:24:46 | 000,317,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.04.07 20:03:47 | 000,001,167 | ---- | C] () -- C:\Users\xxx\Desktop\otlcopy.rtf [2012.04.06 16:38:28 | 000,486,859 | ---- | C] () -- C:\Users\xxx\Desktop\nfpkurs.pdf [2012.04.05 19:15:07 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.04.05 10:22:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.04 01:38:05 | 000,002,907 | ---- | C] () -- C:\Users\xxx\Desktop\Syntagma.rtf [2012.04.03 15:29:50 | 000,000,513 | ---- | C] () -- C:\Users\xxx\Desktop\Desktop anzeigen - Verknüpfung.lnk [2012.04.03 00:44:20 | 000,001,330 | ---- | C] () -- C:\Users\xxx\Desktop\eisen.rtf [2012.04.02 12:17:44 | 000,008,521 | ---- | C] () -- C:\Users\xxx\Desktop\gmer_an.zip [2012.04.02 10:55:56 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2012.04.01 21:27:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.01 21:05:58 | 000,000,256 | ---- | C] () -- C:\ProgramData\tbEDQ75VFH2EJb [2012.03.29 09:44:12 | 000,376,919 | ---- | C] () -- C:\Users\xxx\Desktop\HackerCracker_eng.pdf [2012.03.28 19:11:01 | 000,284,285 | ---- | C] () -- C:\Users\xxx\Desktop\CONF_2011_Vatikiotis_Kosmas.pdf [2012.03.28 19:10:09 | 000,151,973 | ---- | C] () -- C:\Users\xxx\Desktop\WP262.pdf [2012.03.28 16:08:57 | 002,021,671 | ---- | C] () -- C:\Users\xxx\Desktop\Broschur_Griechen2_dt_1203.pdf [2012.03.26 22:44:55 | 000,018,644 | ---- | C] () -- C:\Users\xxx\Documents\Unbenannt 3.odt [2012.03.26 11:17:11 | 
000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.26 11:17:11 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.25 21:59:36 | 000,009,139 | ---- | C] () -- C:\Users\xxx\Desktop\food.odt [2011.12.12 23:37:33 | 000,005,060 | ---- | C] () -- C:\ProgramData\ndhlopzv.syn [2011.09.30 14:43:44 | 000,000,289 | ---- | C] () -- C:\Windows\WININIT.INI [2011.09.29 16:12:52 | 000,255,531 | ---- | C] () -- C:\Users\xxx\AppData\Local\census.cache [2011.09.29 16:12:24 | 000,164,557 | ---- | C] () -- C:\Users\xxx\AppData\Local\ars.cache [2011.09.29 15:50:13 | 000,000,036 | ---- | C] () -- C:\Users\xxx\AppData\Local\housecall.guid.cache [2011.06.15 10:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll [2011.02.12 18:33:40 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe [2011.01.27 09:33:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb7mlm.dll [2011.01.11 21:44:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.08.21 23:45:38 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat [2010.06.15 17:50:31 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat ========== LOP Check ========== [2010.04.07 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ahnenblatt [2009.12.27 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics [2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools [2011.10.18 16:26:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Pro [2011.12.28 00:18:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__ [2012.04.07 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox [2009.11.04 19:43:58 | 000,000,000 | ---D | M] -- 
C:\Users\xxx\AppData\Roaming\Elluminate [2011.02.21 03:03:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EndNote [2011.01.12 18:41:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Freeze Tag [2011.10.18 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gourmet [2011.10.18 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0 [2012.01.19 01:51:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2 [2012.01.28 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag [2009.07.13 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2009.09.24 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Participatory Culture Foundation [2011.04.29 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCDr [2010.02.18 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCF-VLC [2011.01.02 15:35:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlayFirst [2011.09.29 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan [2011.10.18 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\softsentials [2010.11.28 02:03:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird [2011.09.30 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.10.18 22:30:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\URSoft [2012.04.04 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\uTorrent [2011.10.18 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yiola [2012.04.07 20:14:31 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.07 20:00:30 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. 
> < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.07.15 09:27:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Adobe [2010.04.07 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ahnenblatt [2012.02.14 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Apple Computer [2009.12.27 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics [2009.09.25 17:43:35 | 000,000,000 | R--D | M] -- C:\Users\xxx\AppData\Roaming\Brother [2009.07.24 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Creative [2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools [2011.10.18 16:26:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Pro [2011.12.28 00:18:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__ [2009.07.13 13:24:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dell [2012.04.07 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox [2009.11.04 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Elluminate [2011.02.21 03:03:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EndNote [2011.01.12 18:41:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Freeze Tag [2011.10.18 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gourmet [2011.10.18 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0 [2010.06.15 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Identities [2012.01.19 01:51:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2 [2011.04.09 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Macromedia [2012.04.01 21:28:21 | 000,000,000 | ---D | M] -- 
C:\Users\xxx\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Media Center Programs [2011.09.30 16:53:55 | 000,000,000 | --SD | M] -- C:\Users\xxx\AppData\Roaming\Microsoft [2011.12.30 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MiKTeX [2009.07.24 21:14:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mozilla [2012.01.28 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag [2009.07.13 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2009.09.24 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Participatory Culture Foundation [2011.04.29 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCDr [2010.02.18 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCF-VLC [2011.01.02 15:35:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlayFirst [2011.09.29 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan [2009.07.13 23:20:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Reallusion [2011.01.08 04:47:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Realore_Whiterra Roads Of Rome 2 [2010.12.04 00:13:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Roxio [2012.04.07 01:04:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Skype [2011.06.13 06:57:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\skypePM [2011.10.18 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\softsentials [2010.11.28 02:03:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird [2011.09.30 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software [2011.10.18 22:30:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\URSoft [2012.04.04 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\uTorrent [2012.04.07 19:57:39 | 000,000,000 | ---D 
| M] -- C:\Users\xxx\AppData\Roaming\vlc [2012.04.03 23:58:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Winamp [2009.09.25 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinRAR [2011.10.18 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yiola < %APPDATA%\*.exe /s > [2009.08.31 11:04:19 | 008,270,752 | ---- | M] (Dell, Inc. ) -- C:\Users\xxx\AppData\Roaming\DataSafeDotNet.exe [2010.04.07 23:35:22 | 000,706,630 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Ahnenblatt\unins000.exe [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.11.01 21:27:06 | 000,048,969 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2\JabRef.exe [2012.01.19 01:51:42 | 000,062,542 | ---- | M] (JabRef Team) -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2\uninstall.exe [2010.08.26 20:30:46 | 000,010,134 | R--- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.08.19 16:12:54 | 002,771,456 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe [2011.08.19 16:12:54 | 002,771,456 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update.exe [2011.08.19 16:12:59 | 002,771,456 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft 
Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008.05.08 00:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2011.06.15 10:00:28 | 000,461,080 | ---- | M] (Intel Corporation) MD5=4B80B97CBF0782B3BB3057F88D42C367 -- C:\Windows\System32\drivers\iaStor.sys [2011.06.15 10:00:28 | 000,461,080 | ---- | M] (Intel Corporation) MD5=4B80B97CBF0782B3BB3057F88D42C367 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_802e0f1c\iaStor.sys [2008.08.31 20:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys [2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys [2008.08.31 20:15:54 | 000,317,976 | ---- | M] (Intel Corporation) 
MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) 
MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX3\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX3\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E5BA9ADD @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1F96ED45 < End of report > |
| | #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Defragmenter The hosts entries come from Spybot's immunization... I prefer to handle that with the MVPS hosts file (more on that later). Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have masked your username, you must change the starred-out part back to your real username, otherwise the script will not work!! Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Launch.exe
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell - "" = AutoRun
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
[2011.12.12 23:37:33 | 000,005,060 | ---- | C] () -- C:\ProgramData\ndhlopzv.syn
[2011.10.18 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yiola
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1F96ED45
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #6 |
| Smart Defragmenter On the first attempt in normal mode + in safe mode OTL got stuck again; on the 3rd, in safe mode, it then worked and the PC restarted by itself. log: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
File D:\Launch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
File D:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
File D:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
File G:\.\ShowModem.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
File D:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
File H:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
File D:\Install.exe not found.
File C:\ProgramData\ndhlopzv.syn not found.
Folder C:\Users\xxx\AppData\Roaming\Yiola\ not found.
Unable to delete ADS C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD .
Unable to delete ADS C:\ProgramData\TEMP:1CE11B51 .
Unable to delete ADS C:\ProgramData\TEMP:E5BA9ADD .
Unable to delete ADS C:\ProgramData\TEMP:1F96ED45 .
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: xxx
->Temp folder emptied: 9547291 bytes
->Temporary Internet Files folder emptied: 2760088 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 397903737 bytes
->Flash cache emptied: 5569 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9973858 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 401,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: xxx
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04082012_175251
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Regards, lin.x |
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Defragmenter Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
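A triage sketch for the kind of log requested above, added here as an example and not part of the original thread or of Kaspersky's tool: it pairs each scanned object with its verdict line and lists everything TDSSKiller did not mark `ok`. The function and class names are hypothetical, and the line format is inferred from the log posted in reply #8 of this thread, from which the sample lines are copied.

```python
"""Triage of a TDSSKiller scan log: list every object not marked 'ok'."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input: a few lines copied from the log posted in reply #8 of this thread.
SAMPLE_LOG = r"""
18:21:56.0190 1656 Mode: Manual; SigCheck; TDLFS;
18:21:56.0736 1656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:21:56.0860 1656 ACPI - ok
18:22:00.0370 1656 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
18:22:00.0402 1656 ASPI ( UnsignedFile.Multi.Generic ) - warning
18:22:00.0402 1656 ASPI - detected UnsignedFile.Multi.Generic (1)
18:22:03.0303 1656 Change Modem Device Service (74fffb94d7ffd4750bd429ccb197720e) C:\Windows\system32\ChgService.exe
18:22:03.0350 1656 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning
18:22:03.0350 1656 Change Modem Device Service - detected UnsignedFile.Multi.Generic (1)
18:22:03.0834 1656 COMSysApp - ok
18:22:10.0417 1656 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:22:10.0432 1656 IAANTMON - ok
"""

# Every log line starts with a timestamp and a thread id.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": the object that is about to be judged.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - <status>", e.g. "( UnsignedFile.Multi.Generic ) - warning".
FLAGGED = re.compile(
    r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<status>\w+)$")
# "<name> - ok"
CLEAN = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")


@dataclass
class Finding:
    name: str
    verdict: str
    status: str
    md5: Optional[str]
    path: Optional[str]


@dataclass
class Report:
    mode: List[str] = field(default_factory=list)      # scan options from the "Mode:" line
    scanned: int = 0                                    # objects that received a verdict
    findings: List[Finding] = field(default_factory=list)
    no_file: List[str] = field(default_factory=list)    # "ok" entries logged without a hash line


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) until the verdict arrives
    for raw in text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue
        body = prefix.group("body").strip()
        if body.startswith("Mode:"):
            report.mode = [p.strip() for p in body[5:].split(";") if p.strip()]
            continue
        obj = OBJECT.match(body)
        if obj:
            pending[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        flagged = FLAGGED.match(body)
        if flagged:
            md5, path = pending.pop(flagged["name"], (None, None))
            report.findings.append(Finding(flagged["name"], flagged["verdict"],
                                           flagged["status"], md5, path))
            report.scanned += 1
            continue
        clean = CLEAN.match(body)
        if clean:
            if pending.pop(clean["name"], None) is None:
                report.no_file.append(clean["name"])
            report.scanned += 1
        # "<name> - detected ..." lines repeat the verdict and are skipped.
    return report


def split_by_signature_check(findings: List[Finding]) -> Tuple[List[Finding], List[Finding]]:
    """Separate UnsignedFile.* verdicts from everything else.

    UnsignedFile.* is what the signature check (SigCheck in the Mode line)
    reports for a file without a valid digital signature: a reason to review
    the file, not by itself a rootkit detection.
    """
    unsigned = [f for f in findings if f.verdict.startswith("UnsignedFile.")]
    other = [f for f in findings if not f.verdict.startswith("UnsignedFile.")]
    return unsigned, other


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    unsigned, other = split_by_signature_check(rep.findings)
    print(f"mode={rep.mode} scanned={rep.scanned} unsigned={len(unsigned)} other={len(other)}")
    for f in rep.findings:
        print(f"{f.status:8} {f.verdict:28} {f.name}  {f.md5}  {f.path}")
```

Anything that lands in the second list returned by `split_by_signature_check` is what the helper's "skip and post the log" instruction is meant to protect from a hasty delete.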
| | #8 |
| Smart Defragmenter Here you go, log: Code:
18:21:29.0508 3220 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:21:29.0572 3220 ============================================================
18:21:29.0572 3220 Current date / time: 2012/04/08 18:21:29.0572
18:21:29.0572 3220 SystemInfo:
18:21:29.0572 3220
18:21:29.0572 3220 OS Version: 6.0.6002 ServicePack: 2.0
18:21:29.0572 3220 Product type: Workstation
18:21:29.0572 3220 ComputerName: xxx-NOTEBOOK
18:21:29.0573 3220 UserName: xxx
18:21:29.0573 3220 Windows directory: C:\Windows
18:21:29.0573 3220 System windows directory: C:\Windows
18:21:29.0573 3220 Processor architecture: Intel x86
18:21:29.0573 3220 Number of processors: 2
18:21:29.0573 3220 Page size: 0x1000
18:21:29.0573 3220 Boot type: Normal boot
18:21:29.0573 3220 ============================================================
18:21:30.0006 3220 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:21:30.0008 3220 \Device\Harddisk0\DR0:
18:21:30.0009 3220 MBR used
18:21:30.0009 3220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:21:30.0009 3220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
18:21:30.0103 3220 Initialize success
18:21:30.0103 3220 ============================================================
18:21:56.0190 1656 ============================================================
18:21:56.0190 1656 Scan started
18:21:56.0190 1656 Mode: Manual; SigCheck; TDLFS;
18:21:56.0190 1656 ============================================================
18:21:56.0736 1656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:21:56.0860 1656 ACPI - ok
18:21:57.0063 1656 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:57.0079 1656 AdobeFlashPlayerUpdateSvc - ok
18:21:57.0250 1656 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:21:57.0297 1656 adp94xx - ok
18:21:57.0422 1656 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:21:57.0438 1656 adpahci - ok
18:21:57.0500 1656 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:21:57.0516 1656 adpu160m - ok
18:21:57.0562 1656 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:21:57.0578 1656 adpu320 - ok
18:21:57.0625 1656 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:21:57.0781 1656 AeLookupSvc - ok
18:21:57.0937 1656 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
18:21:58.0030 1656 AESTFilters - ok
18:21:58.0186 1656 AF15BDA (e3f08935158038d385ad382442f4bb2d) C:\Windows\system32\DRIVERS\AF15BDA.sys
18:21:58.0280 1656 AF15BDA - ok
18:21:58.0358 1656 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:21:58.0436 1656 AFD - ok
18:21:58.0545 1656 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:21:58.0561 1656 agp440 - ok
18:21:58.0732 1656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:21:58.0748 1656 aic78xx - ok
18:21:58.0873 1656 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:21:59.0076 1656 ALG - ok
18:21:59.0169 1656 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:21:59.0185 1656 aliide - ok
18:21:59.0216 1656 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:21:59.0232 1656 amdagp - ok
18:21:59.0263 1656 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:21:59.0278 1656 amdide - ok
18:21:59.0294 1656 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:21:59.0341 1656 AmdK7 - ok
18:21:59.0481 1656 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:21:59.0528 1656 AmdK8 - ok
18:21:59.0793 1656 ApfiltrService (5bffa4db168d2d0f99c182732535e82f) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:21:59.0824 1656 ApfiltrService - ok
18:21:59.0949 1656 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:22:00.0027 1656 Appinfo - ok
18:22:00.0214 1656 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:22:00.0230 1656 arc - ok
18:22:00.0308 1656 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:22:00.0324 1656 arcsas - ok
18:22:00.0370 1656 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
18:22:00.0402 1656 ASPI ( UnsignedFile.Multi.Generic ) - warning
18:22:00.0402 1656 ASPI - detected UnsignedFile.Multi.Generic (1)
18:22:00.0480 1656 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
18:22:00.0495 1656 aswFsBlk - ok
18:22:00.0558 1656 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
18:22:00.0573 1656 aswMonFlt - ok
18:22:00.0604 1656 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
18:22:00.0620 1656 aswRdr - ok
18:22:00.0636 1656 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
18:22:00.0698 1656 aswSnx - ok
18:22:00.0729 1656 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
18:22:00.0745 1656 aswSP - ok
18:22:00.0776 1656 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
18:22:00.0776 1656 aswTdi - ok
18:22:00.0838 1656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:00.0901 1656 AsyncMac - ok
18:22:00.0932 1656 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
18:22:00.0948 1656 atapi - ok
18:22:00.0979 1656 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:22:01.0026 1656 AudioEndpointBuilder - ok
18:22:01.0057 1656 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:22:01.0088 1656 Audiosrv - ok
18:22:01.0197 1656 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:22:01.0213 1656 avast! Antivirus - ok
18:22:01.0338 1656 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
18:22:01.0338 1656 BCM42RLY - ok
18:22:01.0416 1656 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:22:01.0525 1656 BCM43XX - ok
18:22:01.0572 1656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:22:01.0603 1656 Beep - ok
18:22:01.0665 1656 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:22:01.0728 1656 BFE - ok
18:22:01.0806 1656 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
18:22:01.0930 1656 BITS - ok
18:22:01.0993 1656 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:22:02.0024 1656 blbdrive - ok
18:22:02.0071 1656 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:22:02.0133 1656 bowser - ok
18:22:02.0149 1656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:22:02.0196 1656 BrFiltLo - ok
18:22:02.0227 1656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:22:02.0274 1656 BrFiltUp - ok
18:22:02.0320 1656 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:22:02.0367 1656 Browser - ok
18:22:02.0414 1656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:22:02.0617 1656 Brserid - ok
18:22:02.0679 1656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:22:02.0726 1656 BrSerWdm - ok
18:22:02.0757 1656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:22:02.0820 1656 BrUsbMdm - ok
18:22:02.0851 1656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:22:02.0898 1656 BrUsbSer - ok
18:22:02.0929 1656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:22:03.0007 1656 BTHMODEM - ok
18:22:03.0038 1656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:03.0100 1656 cdfs - ok
18:22:03.0147 1656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:22:03.0178 1656 cdrom - ok
18:22:03.0210 1656 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:22:03.0256 1656 CertPropSvc - ok
18:22:03.0303 1656 Change Modem Device Service (74fffb94d7ffd4750bd429ccb197720e) C:\Windows\system32\ChgService.exe
18:22:03.0350 1656 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning
18:22:03.0350 1656 Change Modem Device Service - detected UnsignedFile.Multi.Generic (1)
18:22:03.0412 1656 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:22:03.0444 1656 circlass - ok
18:22:03.0490 1656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:22:03.0506 1656 CLFS - ok
18:22:03.0568 1656 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:22:03.0584 1656 clr_optimization_v2.0.50727_32 - ok
18:22:03.0615 1656 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:03.0646 1656 CmBatt - ok
18:22:03.0678 1656 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:22:03.0693 1656 cmdide - ok
18:22:03.0724 1656 cmnsusbser (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
18:22:03.0787 1656 cmnsusbser - ok
18:22:03.0802 1656 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:03.0818 1656 Compbatt - ok
18:22:03.0834 1656 COMSysApp - ok
18:22:03.0865 1656 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:22:03.0880 1656 crcdisk - ok
18:22:03.0896 1656 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:22:03.0943 1656 Crusoe - ok
18:22:03.0990 1656 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
18:22:04.0021 1656 CryptSvc - ok
18:22:04.0083 1656 CtClsFlt (281b2b60b5cb449bcf0474eecf73ebec) C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:22:04.0130 1656 CtClsFlt - ok
18:22:04.0161 1656 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:22:04.0255 1656 DcomLaunch - ok
18:22:04.0317 1656 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:22:04.0364 1656 DfsC - ok
18:22:04.0442 1656 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:22:04.0598 1656 DFSR - ok
18:22:04.0645 1656 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:22:04.0692 1656 Dhcp - ok
18:22:04.0754 1656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:22:04.0770 1656 disk - ok
18:22:04.0801 1656 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:22:04.0863 1656 Dnscache - ok
18:22:04.0941 1656 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
18:22:04.0988 1656 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
18:22:04.0988 1656 DockLoginService - detected UnsignedFile.Multi.Generic (1)
18:22:05.0097 1656 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:22:05.0144 1656 dot3svc - ok
18:22:05.0191 1656 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:22:05.0238 1656 DPS - ok
18:22:05.0300 1656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:22:05.0362 1656 drmkaud - ok
18:22:05.0425 1656 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:05.0472 1656 DXGKrnl - ok
18:22:05.0518 1656 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
18:22:05.0550 1656 e1express - ok
18:22:05.0565 1656 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:22:05.0596 1656 E1G60 - ok
18:22:05.0643 1656 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:22:05.0674 1656 EapHost - ok
18:22:05.0721 1656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:22:05.0737 1656 Ecache - ok
18:22:05.0799 1656 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:22:05.0830 1656 ehRecvr - ok
18:22:05.0846 1656 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:22:05.0908 1656 ehSched - ok
18:22:05.0908 1656 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:22:05.0924 1656 ehstart - ok
18:22:05.0986 1656 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:22:06.0018 1656 elxstor - ok
18:22:06.0096 1656 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:22:06.0158 1656 EMDMgmt - ok
18:22:06.0205 1656 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
18:22:06.0283 1656 ErrDev - ok
18:22:06.0345 1656 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:22:06.0392 1656 EventSystem - ok
18:22:06.0439 1656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:22:06.0517 1656 exfat - ok
18:22:06.0564 1656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:22:06.0579 1656 fastfat - ok
18:22:06.0610 1656 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:22:06.0657 1656 fdc - ok
18:22:06.0735 1656 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:22:06.0798 1656 fdPHost - ok
18:22:06.0813 1656 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:22:06.0876 1656 FDResPub - ok
18:22:06.0969 1656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:22:06.0969 1656 FileInfo - ok
18:22:06.0985 1656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:22:07.0032 1656 Filetrace - ok
18:22:07.0047 1656 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:07.0110 1656 flpydisk - ok
18:22:07.0172 1656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:22:07.0188 1656 FltMgr - ok
18:22:07.0234 1656 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:22:07.0328 1656 FontCache - ok
18:22:07.0406 1656 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:22:07.0422 1656 FontCache3.0.0.0 - ok
18:22:07.0578 1656 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:07.0624 1656 Fs_Rec - ok
18:22:07.0983 1656 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:22:07.0983 1656 gagp30kx - ok
18:22:08.0061 1656 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
18:22:08.0077 1656 GoToAssist - ok
18:22:08.0264 1656 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:22:08.0311 1656 gpsvc - ok
18:22:08.0436 1656 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:22:08.0451 1656 gupdate - ok
18:22:08.0467 1656 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:22:08.0482 1656 gupdatem - ok
18:22:08.0576 1656 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:22:08.0654 1656 HdAudAddService - ok
18:22:08.0857 1656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:22:08.0919 1656 HDAudBus - ok
18:22:09.0106 1656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:22:09.0184 1656 HidBth - ok
18:22:09.0434 1656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:22:09.0512 1656 HidIr - ok
18:22:09.0621 1656 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
18:22:09.0668 1656 hidserv - ok
18:22:09.0730 1656 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:09.0793 1656 HidUsb - ok
18:22:09.0824 1656 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:22:09.0871 1656 hkmsvc - ok
18:22:09.0918 1656 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:22:09.0933 1656 HpCISSs - ok
18:22:09.0980 1656 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:22:10.0058 1656 HTTP - ok
18:22:10.0089 1656 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:22:10.0120 1656 hwdatacard ( UnsignedFile.Multi.Generic ) - warning
18:22:10.0120 1656 hwdatacard - detected UnsignedFile.Multi.Generic (1)
18:22:10.0167 1656 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:22:10.0183 1656 i2omp - ok
18:22:10.0214 1656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:22:10.0261 1656 i8042prt - ok
18:22:10.0417 1656 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:22:10.0432 1656 IAANTMON - ok
18:22:10.0635 1656 iaStor (4b80b97cbf0782b3bb3057f88d42c367) C:\Windows\system32\drivers\iastor.sys
18:22:10.0666 1656 iaStor - ok
18:22:10.0713 1656 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:22:10.0729 1656 iaStorV - ok
18:22:10.0807 1656 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:22:10.0869 1656 idsvc - ok
18:22:10.0994 1656 igfx (938753888eaddb29d4b3754139ec19e8) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:22:11.0259 1656 igfx - ok
18:22:12.0460 1656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:22:12.0476 1656 iirsp - ok
18:22:12.0850 1656 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:22:12.0960 1656 IKEEXT - ok
18:22:13.0225 1656 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:22:13.0225 1656 intelide - ok
18:22:13.0334 1656 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:13.0428 1656 intelppm - ok
18:22:13.0490 1656 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:22:13.0537 1656 IPBusEnum - ok
18:22:13.0818 1656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:13.0864 1656 IpFilterDriver - ok
18:22:13.0974 1656 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:22:14.0052 1656 iphlpsvc - ok
18:22:14.0098 1656 IpInIp - ok
18:22:14.0130 1656 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:22:14.0208 1656 IPMIDRV - ok
18:22:14.0254 1656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:22:14.0286 1656 IPNAT - ok
18:22:14.0301 1656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:22:14.0348 1656 IRENUM - ok
18:22:14.0379 1656 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:22:14.0395 1656 isapnp - ok
18:22:14.0426 1656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:22:14.0442 1656 iScsiPrt - ok
18:22:15.0487 1656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:22:15.0502 1656 iteatapi - ok
18:22:17.0858 1656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:22:17.0874 1656 iteraid - ok
18:22:17.0952 1656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:17.0967 1656 kbdclass - ok
18:22:18.0248 1656 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:22:18.0310 1656 kbdhid - ok
18:22:18.0825 1656 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:18.0872 1656 KeyIso - ok
18:22:19.0168 1656 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:22:19.0215 1656 KSecDD - ok
18:22:19.0293 1656 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:22:19.0356 1656 KtmRm - ok
18:22:19.0418 1656 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:22:19.0465 1656 LanmanServer - ok
18:22:19.0527 1656 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:22:19.0574 1656 LanmanWorkstation - ok
18:22:19.0636 1656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:19.0668 1656 lltdio - ok
18:22:19.0714 1656 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:22:19.0746 1656 lltdsvc - ok
18:22:19.0777 1656 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:22:19.0839 1656 lmhosts - ok
18:22:20.0073 1656 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:22:20.0089 1656 LSI_FC - ok
18:22:20.0198 1656 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:22:20.0214 1656 LSI_SAS - ok
18:22:20.0260 1656 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:22:20.0276 1656 LSI_SCSI - ok
18:22:20.0292 1656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:22:20.0338 1656 luafv - ok
18:22:20.0338 1656 massfilter - ok
18:22:20.0385 1656 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:22:20.0401 1656 MBAMProtector - ok
18:22:21.0368 1656 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:22:21.0399 1656 MBAMService - ok
18:22:21.0555 1656 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:22:21.0618 1656 Mcx2Svc - ok
18:22:21.0711 1656 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:22:21.0727 1656 megasas - ok
18:22:21.0774 1656 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:22:21.0805 1656 MegaSR - ok
18:22:21.0852 1656 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:22:21.0914 1656 MMCSS - ok
18:22:21.0945 1656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:22:21.0992 1656 Modem - ok
18:22:22.0008 1656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:22:22.0070 1656 monitor - ok
18:22:22.0101 1656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:22:22.0117 1656 mouclass - ok
18:22:22.0132 1656 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:22.0148 1656 mouhid - ok
18:22:22.0179 1656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:22:22.0195 1656 MountMgr - ok
18:22:22.0210 1656 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:22:22.0226 1656 mpio - ok
18:22:22.0257 1656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:22:22.0288 1656 mpsdrv - ok
18:22:22.0335 1656 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:22:22.0413 1656 MpsSvc - ok
18:22:22.0444 1656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:22:22.0460 1656 Mraid35x - ok
18:22:22.0491 1656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:22:22.0507 1656 MRxDAV - ok
18:22:22.0569 1656 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:22.0616 1656 mrxsmb - ok
18:22:22.0647 1656 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:22.0694 1656 mrxsmb10 - ok
18:22:22.0725 1656 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:22.0756 1656 mrxsmb20 - ok
18:22:22.0803 1656 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
18:22:22.0819 1656 msahci - ok
18:22:22.0834 1656 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:22:22.0850 1656 msdsm - ok
18:22:22.0881 1656 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:22:22.0912 1656 MSDTC - ok
18:22:22.0959 1656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:22:23.0022 1656 Msfs - ok
18:22:23.0037 1656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:22:23.0053 1656 msisadrv - ok
18:22:23.0084 1656 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:22:23.0115 1656 MSiSCSI - ok
18:22:23.0131 1656 msiserver - ok
18:22:23.0146 1656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:23.0209 1656 MSKSSRV - ok
18:22:23.0240 1656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:23.0302 1656 MSPCLOCK - ok
18:22:23.0334 1656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:22:23.0365 1656 MSPQM - ok
18:22:23.0412 1656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:22:23.0427 1656 MsRPC - ok
18:22:23.0427 1656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:22:23.0443 1656 mssmbios - ok
18:22:23.0474 1656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:22:23.0505 1656 MSTEE - ok
18:22:23.0536 1656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:22:23.0552 1656 Mup - ok
18:22:23.0646 1656 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:22:23.0677 1656 napagent - ok
18:22:23.0895 1656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:23.0911 1656 NativeWifiP - ok
18:22:24.0036 1656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:22:24.0067 1656 NDIS - ok
18:22:24.0114 1656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:24.0160 1656 NdisTapi - ok
18:22:24.0176 1656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:24.0223 1656 Ndisuio - ok
18:22:24.0270 1656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:24.0348 1656 NdisWan - ok
18:22:24.0379 1656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:22:24.0410 1656 NDProxy - ok
18:22:24.0426 1656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:22:24.0472 1656 NetBIOS - ok
18:22:24.0519 1656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:22:24.0582 1656 netbt - ok
18:22:24.0628 1656 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:24.0644 1656 Netlogon - ok
18:22:24.0987 1656 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:22:25.0065 1656 Netman - ok
18:22:25.0299 1656 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:22:25.0377 1656 netprofm - ok
18:22:25.0440 1656 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:22:25.0455 1656 NetTcpPortSharing - ok
18:22:25.0752 1656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:22:25.0752 1656 nfrd960 - ok
18:22:26.0376 1656 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:22:26.0438 1656 NlaSvc - ok
18:22:26.0563 1656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:22:26.0641 1656 Npfs - ok
18:22:26.0688 1656 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:22:26.0750 1656 nsi - ok
18:22:26.0828 1656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:22:26.0890 1656 nsiproxy - ok
18:22:26.0953 1656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:22:27.0031 1656 Ntfs - ok
18:22:27.0124 1656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:22:27.0171 1656 ntrigdigi - ok
18:22:27.0218 1656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:22:27.0234 1656 Null - ok
18:22:27.0265 1656 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:22:27.0280 1656 nvraid - ok
18:22:27.0296 1656 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:22:27.0312 1656 nvstor - ok
18:22:27.0343 1656 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:22:27.0358 1656 nv_agp - ok
18:22:27.0358 1656 NwlnkFlt - ok
18:22:27.0374 1656 NwlnkFwd - ok
18:22:27.0421 1656 OA009Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA009Ufd.sys
18:22:27.0483 1656 OA009Ufd - ok
18:22:27.0514 1656 OA009Vid (636c6ee8bb6ec473b8fe221eff77e0cc) C:\Windows\system32\DRIVERS\OA009Vid.sys
18:22:27.0546 1656 OA009Vid - ok
18:22:27.0577 1656 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:22:27.0639 1656 ohci1394 - ok
18:22:27.0967 1656 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:27.0998 1656 p2pimsvc - ok
18:22:28.0060 1656 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:28.0092 1656 p2psvc - ok
18:22:28.0201 1656 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:22:28.0248 1656 Parport - ok
18:22:28.0310 1656 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:22:28.0310 1656 partmgr - ok
18:22:28.0341 1656 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:22:28.0435 1656 Parvdm - ok
18:22:28.0981 1656 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:22:28.0996 1656 PcaSvc - ok
18:22:29.0542 1656 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
18:22:29.0605 1656 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
18:22:29.0714 1656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:22:29.0730 1656 pci - ok
18:22:30.0775 1656 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:22:30.0790 1656 pciide - ok
18:22:30.0900 1656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:22:30.0900 1656 pcmcia - ok
18:22:32.0023 1656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:22:32.0116 1656 PEAUTH - ok
18:22:32.0288 1656 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:22:32.0413 1656 pla - ok
18:22:32.0569 1656 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:22:32.0631 1656 PlugPlay - ok
18:22:32.0694 1656 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:32.0740 1656 PNRPAutoReg - ok
18:22:32.0772 1656 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:32.0818 1656 PNRPsvc - ok
18:22:32.0928 1656 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:22:33.0006 1656 PolicyAgent - ok
18:22:33.0349 1656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:33.0380 1656 PptpMiniport - ok
18:22:33.0474 1656 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:22:33.0505 1656 Processor - ok
18:22:33.0552 1656 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:22:33.0598 1656 ProfSvc - ok
18:22:33.0645 1656 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:33.0661 1656 ProtectedStorage - ok
18:22:33.0754 1656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:22:33.0770 1656 PSched - ok
18:22:33.0817 1656 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
18:22:33.0817 1656 PxHelp20 - ok
18:22:33.0879 1656 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:22:33.0973 1656 ql2300 - ok
18:22:34.0004 1656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:22:34.0020 1656 ql40xx - ok
18:22:34.0051 1656 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:22:34.0129 1656 QWAVE - ok
18:22:34.0144 1656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:22:34.0176 1656 QWAVEdrv - ok
18:22:34.0254 1656 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
18:22:34.0456 1656 R300 - ok
18:22:34.0628 1656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:34.0690 1656 RasAcd - ok
18:22:35.0377 1656 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:22:35.0486 1656 RasAuto - ok
18:22:35.0580 1656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:35.0611 1656 Rasl2tp - ok
18:22:35.0673 1656 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:22:35.0751 1656 RasMan - ok
18:22:35.0814 1656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:35.0829 1656 RasPppoe - ok
18:22:35.0845 1656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:35.0892 1656 RasSstp - ok
18:22:35.0938 1656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:35.0985 1656 rdbss - ok
18:22:36.0032 1656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:36.0048 1656 RDPCDD - ok
18:22:36.0110 1656 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:22:36.0141 1656 rdpdr - ok
18:22:36.0141 1656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:22:36.0219 1656 RDPENCDD - ok
18:22:36.0266 1656 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
18:22:36.0344 1656 RDPWD - ok
18:22:36.0375 1656 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:22:36.0438 1656 RemoteAccess - ok
18:22:36.0609 1656 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:22:36.0672 1656 RemoteRegistry - ok
18:22:37.0062 1656 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:22:37.0108 1656 RpcLocator - ok
18:22:37.0171 1656 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:22:37.0218 1656 RpcSs - ok
18:22:37.0264 1656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:37.0280 1656 rspndr - ok
18:22:37.0420 1656 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
18:22:37.0483 1656 RTSTOR - ok
18:22:37.0576 1656 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:37.0592 1656 SamSs - ok
18:22:37.0842 1656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:22:37.0857 1656 sbp2port - ok
18:22:37.0966 1656 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:22:37.0998 1656 SCardSvr - ok
18:22:38.0169 1656 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:22:38.0232 1656 Schedule - ok
18:22:38.0341 1656 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:22:38.0356 1656 SCPolicySvc - ok
18:22:38.0590 1656 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:22:38.0653 1656 SDRSVC - ok
18:22:38.0856 1656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:22:38.0902 1656 secdrv - ok
18:22:39.0495 1656 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:22:39.0526 1656 seclogon - ok
18:22:39.0620 1656 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:22:39.0682 1656 SENS - ok
18:22:39.0760 1656 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:22:39.0838 1656 Serenum - ok
18:22:39.0870 1656 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:22:39.0948 1656 Serial - ok
18:22:39.0979 1656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:22:39.0994 1656 sermouse - ok
18:22:40.0852 1656 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:22:40.0930 1656 SessionEnv - ok
18:22:42.0069 1656 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:22:42.0147 1656 sffdisk - ok
18:22:42.0444 1656 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:22:42.0506 1656 sffp_mmc - ok
18:22:42.0865 1656 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:22:42.0943 1656 sffp_sd - ok
18:22:43.0317 1656 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:43.0348 1656 sfloppy - ok
18:22:43.0645 1656 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:22:43.0707 1656 SharedAccess - ok
18:22:44.0175 1656 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:22:44.0238 1656 ShellHWDetection - ok
18:22:44.0362 1656 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:22:44.0378 1656 sisagp - ok
18:22:44.0409 1656 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:22:44.0425 1656 SiSRaid2 - ok
18:22:44.0456 1656 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:22:44.0456 1656 SiSRaid4 - ok
18:22:44.0534 1656 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
18:22:44.0550 1656 SkypeUpdate - ok
18:22:45.0267 1656 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:22:45.0595 1656 slsvc - ok
18:22:46.0671 1656 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:22:46.0734 1656 SLUINotify - ok
18:22:46.0827 1656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:22:46.0921 1656 Smb - ok
18:22:46.0968 1656 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:22:46.0999 1656 SNMPTRAP - ok
18:22:47.0061 1656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:22:47.0077 1656 spldr - ok
18:22:47.0108 1656 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:22:47.0139 1656 Spooler - ok
18:22:47.0623 1656 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
18:22:47.0638 1656 sprtsvc_DellSupportCenter - ok
18:22:48.0325 1656 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
18:22:48.0356 1656 sptd - ok
18:22:48.0481 1656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:22:48.0559 1656 srv - ok
18:22:48.0606 1656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:22:48.0668 1656 srv2 - ok
18:22:48.0684 1656 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:22:48.0715 1656 srvnet - ok
18:22:48.0746 1656 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:22:48.0808 1656 SSDPSRV - ok
18:22:48.0918 1656 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
18:22:48.0964 1656 SSPORT ( UnsignedFile.Multi.Generic ) - warning
18:22:48.0964 1656 SSPORT - detected UnsignedFile.Multi.Generic (1)
18:22:49.0011 1656 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:22:49.0058 1656 SstpSvc - ok
18:22:49.0136 1656 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
18:22:49.0152 1656 STacSV - ok
18:22:49.0230 1656 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
18:22:49.0339 1656 STHDA - ok
18:22:49.0432 1656 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:22:49.0464 1656 stisvc - ok
18:22:49.0526 1656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:22:49.0542 1656 swenum - ok
18:22:49.0588 1656 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:22:49.0651 1656 swprv - ok
18:22:49.0713 1656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:22:49.0729 1656 Symc8xx - ok
18:22:49.0760 1656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:22:49.0776 1656 Sym_hi - ok
18:22:49.0807 1656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:22:49.0822 1656 Sym_u3 - ok
18:22:50.0244 1656 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:22:50.0322 1656 SysMain - ok
18:22:50.0446 1656 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:22:50.0462 1656 TabletInputService - ok
18:22:50.0571 1656 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:22:50.0649 1656 TapiSrv - ok
18:22:50.0680 1656 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:22:50.0743 1656 TBS - ok
18:22:50.0821 1656 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:22:50.0899 1656 Tcpip - ok
18:22:50.0930 1656 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:50.0977 1656 Tcpip6 - ok
18:22:51.0039 1656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:22:51.0133 1656 tcpipreg - ok
18:22:51.0164 1656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:22:51.0211 1656 TDPIPE - ok
18:22:51.0242 1656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:22:51.0273 1656 TDTCP - ok
18:22:51.0304 1656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:22:51.0351 1656 tdx - ok
18:22:51.0398 1656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:22:51.0414 1656 TermDD - ok
18:22:51.0445 1656 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:22:51.0507 1656 TermService - ok
18:22:51.0679 1656 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:22:51.0694 1656 Themes - ok
18:22:52.0131 1656 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:22:52.0162 1656 THREADORDER - ok
18:22:53.0005 1656 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:22:53.0036 1656 TrkWks - ok
18:22:53.0286 1656 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:22:53.0301 1656 TrustedInstaller - ok
18:22:54.0222 1656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:54.0253 1656 tssecsrv - ok
18:22:54.0783 1656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:22:54.0799 1656 tunmp - ok
18:22:54.0908 1656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:54.0970 1656 tunnel - ok
18:22:55.0033 1656 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:22:55.0048 1656 uagp35 - ok
18:22:55.0282 1656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:22:55.0314 1656 udfs - ok
18:22:55.0407 1656 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:22:55.0438 1656 UI0Detect - ok
18:22:56.0437 1656 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:22:56.0452 1656 uliagpkx - ok
18:22:56.0655 1656 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:22:56.0671 1656 uliahci - ok
18:22:56.0842 1656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:22:56.0842 1656 UlSata - ok
18:22:56.0874 1656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:22:56.0889 1656 ulsata2 - ok
18:22:56.0905 1656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:22:56.0936 1656 umbus - ok
18:22:56.0998 1656 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:22:57.0030 1656 upnphost - ok
18:22:57.0076 1656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:57.0123 1656 usbccgp - ok
18:22:57.0170 1656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:22:57.0217 1656 usbcir - ok
18:22:57.0388 1656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:57.0482 1656 usbehci - ok
18:22:57.0591 1656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:57.0669 1656 usbhub - ok
18:22:57.0747 1656 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:22:57.0794 1656 usbohci - ok
18:22:57.0825 1656 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:57.0888 1656 usbprint - ok
18:22:57.0950 1656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:57.0997 1656 USBSTOR - ok
18:22:58.0028 1656 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:58.0075 1656 usbuhci - ok
18:22:58.0122 1656 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:22:58.0184 1656 usbvideo - ok
18:22:58.0231 1656 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:22:58.0262 1656 UxSms - ok
18:22:58.0309 1656 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:22:58.0371 1656 vds - ok
18:22:58.0434 1656 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:58.0480 1656 vga - ok
18:22:58.0496 1656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:22:58.0527 1656 VgaSave - ok
18:22:58.0558 1656 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:22:58.0574 1656 viaagp - ok
18:22:58.0590 1656 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:22:58.0621 1656 ViaC7 - ok
18:22:58.0636 1656 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:22:58.0652 1656 viaide - ok
18:22:58.0668 1656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:22:58.0683 1656 volmgr - ok
18:22:58.0730 1656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:22:58.0746 1656 volmgrx - ok
18:22:58.0761 1656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:22:58.0777 1656 volsnap - ok
18:22:58.0808 1656 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:22:58.0824 1656 vsmraid - ok
18:22:58.0886 1656 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:22:58.0933 1656 VSS - ok
18:22:59.0292 1656 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:22:59.0338 1656 W32Time - ok
18:22:59.0448 1656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:22:59.0494 1656 WacomPen - ok
18:22:59.0526 1656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:59.0557 1656 Wanarp - ok
18:22:59.0557 1656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:59.0572 1656 Wanarpv6 - ok
18:22:59.0619 1656 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:22:59.0666 1656 wcncsvc - ok
18:22:59.0713 1656 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:22:59.0744 1656 WcsPlugInService - ok
18:22:59.0775 1656 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:22:59.0791 1656 Wd - ok
18:22:59.0822 1656 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:22:59.0869 1656 Wdf01000 - ok
18:22:59.0900 1656 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:22:59.0947 1656 WdiServiceHost - ok
18:22:59.0947 1656 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:22:59.0978 1656 WdiSystemHost - ok
18:23:00.0009 1656 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:23:00.0025 1656 WebClient - ok
18:23:00.0072 1656 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:23:00.0087 1656 Wecsvc - ok
18:23:00.0103 1656 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:23:00.0150 1656 wercplsupport - ok
18:23:00.0196 1656 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:23:00.0243 1656 WerSvc - ok
18:23:00.0321 1656 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:23:00.0321 1656 WinDefend - ok
18:23:00.0337 1656 WinHttpAutoProxySvc - ok
18:23:00.0384 1656 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:23:00.0415 1656 Winmgmt - ok
18:23:00.0462 1656 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:23:00.0586 1656 WinRM - ok
18:23:00.0633 1656 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:23:00.0680 1656 Wlansvc - ok
18:23:00.0696 1656 wltrysvc - ok
18:23:00.0758 1656 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:00.0789 1656 WmiAcpi - ok
18:23:00.0852 1656 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:23:00.0898 1656 wmiApSrv - ok
18:23:00.0992 1656 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:23:01.0070 1656 WMPNetworkSvc - ok
18:23:01.0164 1656 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:23:01.0210 1656 WPCSvc - ok
18:23:01.0257 1656 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:23:01.0288 1656 WPDBusEnum - ok
18:23:01.0335 1656 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:23:01.0351 1656 WpdUsb - ok
18:23:01.0398 1656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:01.0413 1656 ws2ifsl - ok
18:23:01.0444 1656 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:23:01.0476 1656 wscsvc - ok
18:23:01.0476 1656 WSearch - ok
18:23:01.0554 1656 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:23:01.0647 1656 wuauserv - ok
18:23:01.0694 1656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:01.0772 1656 WUDFRd - ok
18:23:01.0803 1656 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:23:01.0866 1656 wudfsvc - ok
18:23:01.0866 1656 yksvc - ok
18:23:01.0912 1656 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
18:23:01.0975 1656 yukonwlh - ok
18:23:01.0990 1656 ZTEusbmdm6k - ok
18:23:02.0006 1656 ZTEusbnmea - ok
18:23:02.0006 1656 ZTEusbser6k - ok
18:23:02.0037 1656 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:23:07.0294 1656 \Device\Harddisk0\DR0 - ok
18:23:07.0996 1656 Boot (0x1200) (c02a8eb95172ce8b1019933a058d6e82) \Device\Harddisk0\DR0\Partition0
18:23:07.0996 1656 \Device\Harddisk0\DR0\Partition0 - ok
18:23:08.0012 1656 Boot (0x1200) (51978da9ce1ee83243a174ecc4bb7cab) \Device\Harddisk0\DR0\Partition1
18:23:08.0012 1656 \Device\Harddisk0\DR0\Partition1 - ok
18:23:08.0012 1656 ============================================================
18:23:08.0012 1656 Scan finished
18:23:08.0012 1656 ============================================================
18:23:08.0028 3292 Detected object count: 5
18:23:08.0028 3292 Actual detected object count: 5
18:23:19.0166 3292 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0166 3292 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:19.0182 3292 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:19.0182 3292 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:19.0182 3292 hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292 hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:23:19.0182 3292 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
lin.x |
| | #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Defragmenter Now please run CF: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #10 |
| Smart Defragmenter Here is the ComboFix log. At the end of the process, while creating the log file, the program unfortunately got stuck; I hope the log (der, die, das?) is still usable: Code:
ComboFix 12-04-07.04 - xxx 08.04.2012 19:20:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3034.2025 [GMT 2:00]
ausgeführt von:: C:\Users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\tbEDQ75VFH2EJb
C:\Windows\system32\drivers\etc\hosts.ics
((((((((((((((((((((((( Dateien erstellt von 2012-03-08 bis 2012-04-08 ))))))))))))))))))))))))))))))
2012-04-08 17:29:04 . 2012-04-08 17:29:35 -------- dc----w- C:\Users\xxx\AppData\Local\temp
2012-04-08 17:29:04 . 2012-04-08 17:29:04 -------- dc----w- C:\Users\Default\AppData\Local\temp
2012-04-08 15:30:51 . 2012-04-08 15:30:51 -------- dc----w- C:\_OTL
2012-04-05 08:22:42 . 2012-04-05 08:22:42 418464 -c--a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-04-04 22:31:54 . 2012-04-04 22:31:54 -------- dc----w- C:\Program Files\ESET
2012-04-02 14:07:42 . 2012-04-02 14:07:59 -------- dc----w- C:\Program Files\Defraggler
2012-04-01 19:28:21 . 2012-04-01 19:28:21 -------- dc----w- C:\Users\xxx\AppData\Roaming\Malwarebytes
2012-04-01 19:27:52 . 2012-04-01 19:27:52 -------- dc----w- C:\ProgramData\Malwarebytes
2012-04-01 19:27:51 . 2012-04-01 19:27:56 -------- dc----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-01 19:27:51 . 2011-12-10 13:24:06 20464 -c--a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-01 09:58:46 . 2012-04-01 09:58:46 -------- dc----w- C:\Users\xxx\AppData\Local\PDF24
2012-04-01 09:58:03 . 2012-04-01 09:58:22 -------- dc----w- C:\Program Files\PDF24
2012-03-30 19:23:14 . 2012-04-08 17:15:37 -------- dc----w- C:\Users\xxx\AppData\Roaming\vlc
2012-03-27 15:17:25 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2E75756-952B-4BAC-98D2-ADAED3D4EA29}\mpengine.dll
2012-03-26 09:16:44 . 2012-03-26 09:16:44 -------- dc----w- C:\Users\xxx\AppData\Local\Google
2012-03-26 09:16:44 . 2012-03-26 09:16:44 -------- dc----w- C:\Program Files\Google
2012-03-20 13:51:54 . 2012-03-20 13:51:54 592824 -c--a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-20 13:51:54 . 2012-03-20 13:51:54 44472 -c--a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-14 10:51:16 . 2012-01-09 15:54:08 613376 -c--a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 10:51:15 . 2012-02-02 15:16:25 2044416 -c--a-w- C:\Windows\system32\win32k.sys
2012-03-14 10:51:15 . 2012-01-09 13:58:29 180736 -c--a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:51:04 . 2012-02-13 13:44:40 1068544 -c--a-w- C:\Windows\system32\DWrite.dll
2012-03-14 10:51:03 . 2012-02-14 15:45:30 219648 -c--a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 10:51:03 . 2012-02-14 15:45:30 160768 -c--a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 10:51:03 . 2012-02-13 14:12:08 1172480 -c--a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 10:51:03 . 2012-02-13 13:47:57 683008 -c--a-w- C:\Windows\system32\d2d1.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-04-05 08:22:42 . 2011-09-27 06:54:48 70304 -c--a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15:19 . 2011-07-30 09:01:27 41184 -c--a-w- C:\Windows\avastSS.scr
2012-03-07 00:15:14 . 2011-07-30 09:01:21 201352 -c--a-w- C:\Windows\system32\aswBoot.exe
2012-03-07 00:03:51 . 2011-07-30 09:03:32 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-07 00:03:38 . 2011-07-30 09:03:44 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-07 00:02:00 . 2011-07-30 09:03:33 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-07 00:01:53 . 2011-07-30 09:03:33 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-07 00:01:48 . 2011-07-30 09:03:31 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01:30 . 2011-07-30 09:03:45 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18:36 . 2011-08-01 01:21:22 237072 -c----w- C:\Windows\system32\MpSigStub.exe
2012-03-20 13:51:54 . 2011-04-09 07:16:51 97208 -c--a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2009-03-31 14:18:34 217088]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-03-31 16:55:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-03-31 16:55:22 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-03-31 16:55:34 150552]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-12-21 18:34:46 3810304]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 22:41:12 178712]
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 18:49:08 405639]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2009-03-31 15:00:24 483428]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-07 00:15:17 4241512]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 12:53:18 460872]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-05 18:40:21 10536 -c--a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=C:\Windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07:56 843712 -c--a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51:18 37296 -c--a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40:30 687560 -c--a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 12:46:38 206064 ----a-w- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-03-14 07:02:08 155648 -c--a-w- C:\Program Files\PDF24\pdf24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2009-01-09 17:06:32 1735760 -c--a-w- C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28:03 1233920 ----a-w- C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55:08 17148552 -c--a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 05:59:52 254696 -c--a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25:33 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell DataSafe Online"="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"MPlayerForWindows_UpdateReminder"="C:\Program Files\MPlayer für Windows\AutoUpdate.exe" /L=1031 /TASK
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:22:42 253600]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 15:00:04 81920]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - 25723643
*Deregistered* - 25723643
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Inhalt des "geplante Tasks" Ordners
2012-04-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:22:42 . 2012-04-05 08:22:42]
2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26 09:16:55 . 2012-03-26 09:16:43]
2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26 09:16:55 . 2012-03-26 09:16:43]
2012-04-08 C:\Windows\Tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 02:24:52 . 2008-01-21 02:24:52]
Thanks + kind regards |
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Defragmenter Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download
Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #12 |
| Smart Defragmenter Hi, I ran all three. GMER is too large, so it is attached in two parts. OSAM: Code:
OSAM Logfile: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-08 23:50:08
-----------------------------
23:50:08.290 OS Version: Windows 6.0.6002 Service Pack 2
23:50:08.291 Number of processors: 2 586 0x170A
23:50:08.293 ComputerName: xxx-NOTEBOOK UserName: xxx
23:50:09.594 Initialize success
23:50:09.779 AVAST engine defs: 12040801
23:50:36.853 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:50:36.855 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
23:50:36.905 Disk 0 MBR read successfully
23:50:36.908 Disk 0 MBR scan
23:50:36.911 Disk 0 Windows VISTA default MBR code
23:50:36.914 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:50:36.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
23:50:36.942 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30801920
23:50:36.948 Disk 0 scanning sectors +488395120
23:50:37.032 Disk 0 scanning C:\Windows\system32\drivers
23:50:49.704 Service scanning
23:51:05.872 Modules scanning
23:51:28.377 Disk 0 trace - called modules:
23:51:28.418 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
23:51:28.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87fe7510]
23:51:28.420 3 CLASSPNP.SYS[8b5a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86146028]
23:51:29.267 AVAST engine scan C:\Windows
23:51:32.113 AVAST engine scan C:\Windows\system32
23:53:33.609 AVAST engine scan C:\Windows\system32\drivers
23:53:46.926 AVAST engine scan C:\Users\xxx
23:56:20.169 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
23:56:20.176 The log file has been saved successfully to "C:\Users\xxx\Desktop\aswMBR.txt"
lin.x |
| | #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Defragmenter Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
| | #14 |
| Smart Defragmenter Yay! Mbam was clean, log file: Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.04.09.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
xxx:: xxx-NOTEBOOK [Administrator]
Schutz: Aktiviert
09.04.2012 13:31:28
mbam-log-2012-04-09 (13-31-28).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364675
Laufzeit: 5 Stunde(n), 37 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/09/2012 at 10:00 PM
Application Version : 5.0.1146
Core Rules Database Version : 8426
Trace Rules Database Version: 6238
Scan type : Complete Scan
Total Scan Time : 02:40:28
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 778
Memory threats detected : 0
Registry items scanned : 32497
Registry threats detected : 0
File items scanned : 213287
File threats detected : 77
Adware.Tracking Cookie
|
| | #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Smart Defragmenter Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie). Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system back in order now, or are there still other detections or problems?
__________________ Please always post log files in CODE tags |