Log analysis and evaluation: OTL - Logfiles Malware
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Hello, I have malware on my PC. When I booted my PC, the program Windows Recovery started, and I let it run a scan. Antivir reported that I have a virus. By now Antivir tells me roughly every 30 seconds that I have viruses (between 1 and about 80). I have also looked at posts here in the forum and done the following:
- ran rkill
- ran Malwarebytes Anti Malware
- ran OTL
Now I have these two logfiles from OTL and I hope that someone can help me. Thanks in advance.
#2
/// Winkelfunktion /// TB-Süch-Tiger™
Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the log files tab.
#3
Oh, I seem to have forgotten those. I will upload them. I scanned the first time and found some, then after "removal" of the viruses I restarted the PC and afterwards scanned once more.
#4
I forgot those. I will upload them.
#5
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
__________________
Please always post logfiles in CODE tags
#6
So, I have now updated and run a full scan.
#7
I have now run another full scan after the removal and will upload that one too, in case the logfile is needed.
#8
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (OMSI download service) -- File not found
SRV - (mysql) -- File not found
SRV - (Apache2.2) -- File not found
SRV - (AMService) -- File not found
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SearchAnonymizer) -- C:\Users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
[2008.01.01 18:03:23 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)
[2011.03.08 14:55:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.08 14:55:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.15 15:09:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.29 17:33:36 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.03.08 14:54:42 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com
[2008.03.28 12:56:30 | 000,000,000 | ---D | M] (OpenTaal woordenlijst) -- C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\nl_NL@opentaal.org
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-1.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-10.xml
[2010.11.26 18:26:53 | 000,000,950 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-11.xml
[2011.03.09 22:45:32 | 000,000,950 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-12.xml
[2011.03.31 21:30:06 | 000,000,950 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-13.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-2.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-3.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-4.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-5.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-6.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-7.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-8.xml
[2010.05.01 17:27:00 | 000,001,067 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-9.xml
[2010.11.15 15:09:30 | 000,000,168 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.gif
[2010.11.15 15:09:30 | 000,000,618 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.xml
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Programme\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - File not found
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Programme\PDF Suite\PDFIEPlugin.dll (Interactive Brands)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.18 19:37:34 | 000,000,029 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\Shell\AutoRun\command - "" = E:\feprog.exe
O33 - MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\Shell\AutoRun\command - "" = D:\EPSetup.exe -- [2009.12.11 07:02:00 | 000,129,000 | R--- | M] (Seiko Epson Corporation)
[2011.04.18 09:46:13 | 000,000,000 | ---D | C] -- C:\Programme\iqbfuljh
[2011.04.16 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.26 11:32:16 | 000,000,000 | -HSD | C] -- C:\Users\Tobbi\AppData\Roaming\wyUpdate AU
[2011.04.16 09:34:53 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~34725640r
[2011.04.16 09:34:52 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~34725640
[2011.04.16 09:34:43 | 000,000,384 | -H-- | C] () -- C:\ProgramData\34725640
[2009.01.28 21:54:06 | 000,380,944 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.4nvgj3u
[2009.01.28 21:32:02 | 000,036,880 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.lx81nh
[2009.01.28 21:10:04 | 000,344,080 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.xbitq
[2009.01.02 13:15:44 | 000,315,408 | -H-- | C] () -- C:\ProgramData\acid loud meow.fpen6
[2009.01.02 13:15:38 | 000,315,408 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.ta4pck
[2009.01.02 13:15:38 | 000,245,776 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.qixnu
[2008.12.26 23:42:29 | 000,237,584 | -H-- | C] () -- C:\ProgramData\start software cake.ue1rax
[2008.12.26 23:42:12 | 000,057,360 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.4s5co5
[2008.12.17 14:41:08 | 000,311,312 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.qmsz66q
[2008.10.23 19:14:38 | 000,077,840 | -H-- | C] () -- C:\ProgramData\Meal Ace Base.me7jd
[2008.10.23 19:13:56 | 000,180,240 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.vk4otw6
[2008.10.01 12:49:45 | 000,094,224 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.io9x1
[2008.09.14 18:53:02 | 000,364,560 | -H-- | C] () -- C:\ProgramData\Bows Cake Cake.3sfreb9
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
#9
I ran the fix and here is the code.
Code:
All processes killed
========== OTL ==========
Service TOSHIBA Bluetooth Service stopped successfully!
Service TOSHIBA Bluetooth Service deleted successfully!
File File not found not found.
Service OMSI download service stopped successfully!
Service OMSI download service deleted successfully!
File File not found not found.
Service mysql stopped successfully!
Service mysql deleted successfully!
File File not found not found.
Service Apache2.2 stopped successfully!
Service Apache2.2 deleted successfully!
File File not found not found.
Service AMService stopped successfully!
Service AMService deleted successfully!
File File not found not found.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
C:\Users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Programme\Freecorder\tbFree.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\searchplugin folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102)\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}(102) folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\nl_NL@opentaal.org\dictionaries folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\mozilla\Firefox\Profiles\rrvwok9c.default\extensions\nl_NL@opentaal.org folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\tbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AD61D5B-58A3-4592-9B34-DC84688FF805}\ deleted successfully.
C:\Programme\PDF Suite\PDFIEHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
c:\Programme\Google\GoogleToolbar1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Programme\Freecorder\tbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{261F6A8B-7AAF-4BF5-8552-6610F4D67819} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261F6A8B-7AAF-4BF5-8552-6610F4D67819}\ deleted successfully.
C:\Programme\PDF Suite\PDFIEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E718888-423F-11D2-876E-00A0C9082467} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}\ deleted successfully.
C:\Windows\System32\Msdxm6.ocx moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Programme\Freecorder\tbFree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
File c:\Programme\Google\GoogleToolbar1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f877a83-55d7-11df-8521-0016d4b37dc6}\ not found.
File E:\feprog.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7926035b-948a-11dc-a710-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7926035b-948a-11dc-a710-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7926035b-948a-11dc-a710-806e6f6e6963}\ not found.
File D:\EPSetup.exe not found.
Folder move failed. C:\Programme\iqbfuljh scheduled to be moved on reboot.
C:\Users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
C:\Users\Tobbi\AppData\Roaming\wyUpdate AU folder moved successfully.
C:\ProgramData\~34725640r moved successfully.
C:\ProgramData\~34725640 moved successfully.
C:\ProgramData\34725640 moved successfully.
C:\ProgramData\Bows Cake Cake.4nvgj3u moved successfully.
C:\ProgramData\Bows Cake Cake.lx81nh moved successfully.
C:\ProgramData\Bows Cake Cake.xbitq moved successfully.
C:\ProgramData\acid loud meow.fpen6 moved successfully.
C:\ProgramData\Bows Cake Cake.ta4pck moved successfully.
C:\ProgramData\Bows Cake Cake.qixnu moved successfully.
C:\ProgramData\start software cake.ue1rax moved successfully.
C:\ProgramData\Bows Cake Cake.4s5co5 moved successfully.
C:\ProgramData\Bows Cake Cake.qmsz66q moved successfully.
C:\ProgramData\Meal Ace Base.me7jd moved successfully.
C:\ProgramData\Bows Cake Cake.vk4otw6 moved successfully.
C:\ProgramData\Bows Cake Cake.io9x1 moved successfully.
C:\ProgramData\Bows Cake Cake.3sfreb9 moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tobbi
->Temp folder emptied: 25496071 bytes
->Temporary Internet Files folder emptied: 29723555 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78299832 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 1565 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 133775 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2900217 bytes
RecycleBin emptied: 2594005691 bytes
Total Files Cleaned = 2.606,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_205907
Files\Folders moved on Reboot...
Folder move failed. C:\Programme\iqbfuljh scheduled to be moved on reboot.
C:\Windows\temp\fla4AB2.tmp moved successfully.
C:\Windows\temp\Mhc.exe moved successfully.
C:\Windows\temp\Mhd.exe moved successfully.
File\Folder C:\Windows\temp\WER4D51.tmp.version.txt not found!
File\Folder C:\Windows\temp\WER4D62.tmp.appcompat.txt not found!
File\Folder C:\Windows\temp\WER4DFF.tmp.hdmp not found!
File\Folder C:\Windows\temp\~DF7F4D.tmp not found!
Registry entries deleted on Reboot...
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | OTL - Logfiles Malware Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your documents/My Documents folder, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.)
__________________ Please always post log files in CODE tags |
| | #11 |
| OTL - Logfiles Malware I ran the TDSSKiller program and restarted the PC. Here is the log file: Code:
2011/04/21 21:26:15.0372 1176 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/21 21:26:15.0580 1176 ================================================================================
2011/04/21 21:26:15.0580 1176 SystemInfo:
2011/04/21 21:26:15.0580 1176
2011/04/21 21:26:15.0580 1176 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/21 21:26:15.0580 1176 Product type: Workstation
2011/04/21 21:26:15.0580 1176 ComputerName: DOMINIK
2011/04/21 21:26:15.0581 1176 UserName: Tobbi
2011/04/21 21:26:15.0581 1176 Windows directory: C:\Windows
2011/04/21 21:26:15.0581 1176 System windows directory: C:\Windows
2011/04/21 21:26:15.0581 1176 Processor architecture: Intel x86
2011/04/21 21:26:15.0581 1176 Number of processors: 2
2011/04/21 21:26:15.0581 1176 Page size: 0x1000
2011/04/21 21:26:15.0581 1176 Boot type: Normal boot
2011/04/21 21:26:15.0581 1176 ================================================================================
2011/04/21 21:26:33.0732 1176 Initialize success
|
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | OTL - Logfiles Malware It is incomplete! This is how it has to be run:
__________________ Please always post log files in CODE tags |
| | #13 |
| OTL - Logfiles Malware I hope it is complete now. Code:
2011/04/22 11:44:01.0854 3692 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/22 11:44:02.0035 3692 ================================================================================
2011/04/22 11:44:02.0035 3692 SystemInfo:
2011/04/22 11:44:02.0035 3692
2011/04/22 11:44:02.0036 3692 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/22 11:44:02.0036 3692 Product type: Workstation
2011/04/22 11:44:02.0036 3692 ComputerName: DOMINIK
2011/04/22 11:44:02.0036 3692 UserName: Tobbi
2011/04/22 11:44:02.0036 3692 Windows directory: C:\Windows
2011/04/22 11:44:02.0036 3692 System windows directory: C:\Windows
2011/04/22 11:44:02.0036 3692 Processor architecture: Intel x86
2011/04/22 11:44:02.0036 3692 Number of processors: 2
2011/04/22 11:44:02.0036 3692 Page size: 0x1000
2011/04/22 11:44:02.0036 3692 Boot type: Normal boot
2011/04/22 11:44:02.0036 3692 ================================================================================
2011/04/22 11:44:16.0328 3692 Initialize success
2011/04/22 11:44:22.0820 2256 ================================================================================
2011/04/22 11:44:22.0820 2256 Scan started
2011/04/22 11:44:22.0820 2256 Mode: Manual;
2011/04/22 11:44:22.0820 2256 ================================================================================
2011/04/22 11:44:26.0658 2256 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/22 11:44:28.0953 2256 ActionReplayDS (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\ActionReplayDS.sys
2011/04/22 11:44:29.0588 2256 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/22 11:44:30.0569 2256 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/22 11:44:31.0282 2256 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/22 11:44:32.0041 2256 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/22 11:44:32.0836 2256 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/22 11:44:33.0720 2256 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/22 11:44:34.0440 2256 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/22 11:44:34.0749 2256 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/22 11:44:35.0009 2256 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/22 11:44:35.0588 2256 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/22 11:44:36.0060 2256 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/22 11:44:36.0430 2256 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/22 11:44:37.0044 2256 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/22 11:44:37.0582 2256 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/22 11:44:38.0002 2256 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/22 11:44:38.0625 2256 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/22 11:44:39.0195 2256 athr (e51398cd3b4c9bae9d58d0aa35c8fe73) C:\Windows\system32\DRIVERS\athr.sys
2011/04/22 11:44:40.0609 2256 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/22 11:44:41.0316 2256 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/22 11:44:41.0911 2256 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/04/22 11:44:42.0203 2256 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/22 11:44:42.0937 2256 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/22 11:44:43.0083 2256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/22 11:44:43.0202 2256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/22 11:44:43.0335 2256 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/22 11:44:43.0424 2256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/22 11:44:43.0771 2256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/22 11:44:43.0875 2256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/22 11:44:43.0927 2256 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/22 11:44:43.0983 2256 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/22 11:44:44.0069 2256 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/22 11:44:44.0187 2256 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
2011/04/22 11:44:44.0267 2256 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/22 11:44:44.0336 2256 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/22 11:44:44.0417 2256 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/22 11:44:44.0666 2256 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/22 11:44:44.0802 2256 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/22 11:44:45.0030 2256 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/22 11:44:45.0217 2256 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/22 11:44:45.0287 2256 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/22 11:44:45.0505 2256 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/22 11:44:45.0572 2256 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/22 11:44:45.0843 2256 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/22 11:44:46.0010 2256 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/22 11:44:46.0116 2256 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/22 11:44:46.0168 2256 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/22 11:44:46.0211 2256 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/22 11:44:46.0412 2256 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/22 11:44:46.0775 2256 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/22 11:44:46.0877 2256 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/22 11:44:47.0093 2256 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/22 11:44:47.0241 2256 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/22 11:44:47.0376 2256 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
2011/04/22 11:44:47.0432 2256 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
2011/04/22 11:44:47.0615 2256 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2011/04/22 11:44:47.0945 2256 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
2011/04/22 11:44:48.0296 2256 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/22 11:44:48.0388 2256 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/22 11:44:48.0517 2256 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/22 11:44:48.0600 2256 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/22 11:44:48.0694 2256 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/22 11:44:48.0786 2256 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/22 11:44:48.0909 2256 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/22 11:44:49.0000 2256 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/22 11:44:49.0058 2256 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/22 11:44:49.0244 2256 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/22 11:44:49.0342 2256 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/22 11:44:49.0399 2256 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/22 11:44:49.0564 2256 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/22 11:44:49.0661 2256 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/22 11:44:49.0760 2256 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/22 11:44:49.0823 2256 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/22 11:44:49.0887 2256 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/22 11:44:49.0986 2256 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/22 11:44:50.0057 2256 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/22 11:44:50.0133 2256 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/22 11:44:50.0234 2256 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/22 11:44:50.0330 2256 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/22 11:44:50.0411 2256 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/22 11:44:50.0528 2256 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/22 11:44:50.0753 2256 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/22 11:44:51.0105 2256 ialm (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/22 11:44:52.0095 2256 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/22 11:44:54.0350 2256 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/22 11:44:55.0261 2256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/22 11:44:55.0824 2256 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/22 11:44:56.0250 2256 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/22 11:44:56.0673 2256 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/22 11:44:57.0168 2256 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/22 11:44:57.0885 2256 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/22 11:44:58.0469 2256 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/22 11:44:59.0004 2256 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/22 11:44:59.0535 2256 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/22 11:44:59.0990 2256 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/22 11:45:00.0373 2256 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/22 11:45:00.0661 2256 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/22 11:45:00.0947 2256 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/22 11:45:01.0677 2256 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/22 11:45:02.0535 2256 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/22 11:45:03.0005 2256 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/22 11:45:03.0147 2256 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/22 11:45:03.0651 2256 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/22 11:45:04.0193 2256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/22 11:45:04.0641 2256 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/22 11:45:05.0119 2256 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/22 11:45:05.0935 2256 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/22 11:45:06.0351 2256 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/22 11:45:06.0651 2256 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/22 11:45:06.0998 2256 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/22 11:45:07.0467 2256 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/22 11:45:07.0906 2256 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/22 11:45:08.0248 2256 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/22 11:45:08.0637 2256 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/22 11:45:09.0079 2256 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/22 11:45:09.0547 2256 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/22 11:45:09.0965 2256 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/22 11:45:10.0457 2256 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/22 11:45:11.0142 2256 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/22 11:45:11.0883 2256 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/22 11:45:12.0510 2256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/22 11:45:13.0045 2256 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/22 11:45:13.0656 2256 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/22 11:45:14.0033 2256 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/22 11:45:14.0492 2256 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/22 11:45:14.0803 2256 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/22 11:45:15.0417 2256 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/22 11:45:15.0794 2256 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/22 11:45:16.0141 2256 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/22 11:45:16.0489 2256 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/22 11:45:17.0639 2256 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/22 11:45:18.0139 2256 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/22 11:45:18.0918 2256 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/22 11:45:19.0545 2256 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/22 11:45:19.0963 2256 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/22 11:45:20.0463 2256 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/22 11:45:20.0881 2256 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/22 11:45:21.0600 2256 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/22 11:45:21.0870 2256 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/22 11:45:22.0255 2256 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/22 11:45:23.0075 2256 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/22 11:45:24.0051 2256 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/22 11:45:24.0568 2256 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/22 11:45:25.0057 2256 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/22 11:45:25.0503 2256 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/22 11:45:26.0043 2256 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/22 11:45:26.0966 2256 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/22 11:45:27.0889 2256 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/22 11:45:28.0726 2256 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/22 11:45:29.0204 2256 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/22 11:45:29.0634 2256 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/22 11:45:30.0192 2256 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/22 11:45:30.0639 2256 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/22 11:45:31.0330 2256 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/22 11:45:32.0421 2256 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/22 11:45:32.0822 2256 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/22 11:45:33.0825 2256 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/22 11:45:36.0098 2256 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/22 11:45:37.0218 2256 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/22 11:45:37.0620 2256 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/22 11:45:37.0976 2256 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/22 11:45:38.0334 2256 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/22 11:45:38.0813 2256 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/22 11:45:39.0342 2256 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/22 11:45:39.0733 2256 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/22 11:45:40.0415 2256 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/22 11:45:40.0854 2256 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/22 11:45:41.0405 2256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/22 11:45:42.0070 2256 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/22 11:45:42.0653 2256 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/22 11:45:43.0162 2256 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/22 11:45:43.0585 2256 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/22 11:45:44.0189 2256 s1018bus (27ccf532a08f437ffc795158b8b7a7f6) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/04/22 11:45:44.0642 2256 s1018mdfl (2443aca3551cfb160ecaa642f6718b99) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/04/22 11:45:45.0104 2256 s1018mdm (9d273a6cf8f984097e61ecd68827d8c0) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/04/22 11:45:45.0603 2256 s1018mgmt (57d4d2efd2f3dc4bb8a351702ae01ba5) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/04/22 11:45:46.0315 2256 s1018nd5 (2102d69ed2ed4b89a607c4e09504fb59) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/04/22 11:45:46.0774 2256 s1018obex (382921439a5fb855cc6e000ac24d0c95) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/04/22 11:45:47.0516 2256 s1018unic (4e2c788d013e567bd68ae4ad36485239) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/04/22 11:45:47.0987 2256 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/22 11:45:48.0068 2256 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/22 11:45:48.0804 2256 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/22 11:45:49.0632 2256 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/22 11:45:50.0035 2256 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\Windows\system32\DRIVERS\SE27bus.sys
2011/04/22 11:45:50.0504 2256 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\Windows\system32\DRIVERS\SE27mdfl.sys
2011/04/22 11:45:50.0940 2256 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\Windows\system32\DRIVERS\SE27mdm.sys
2011/04/22 11:45:51.0654 2256 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\Windows\system32\DRIVERS\SE27mgmt.sys
2011/04/22 11:45:52.0064 2256 se44bus (3097cff31374e309a8950775111a52bd) C:\Windows\system32\DRIVERS\se44bus.sys
2011/04/22 11:45:52.0302 2256 se44mdfl (4a03dd4fb5b7cb2c53d8fe8848455a4e) C:\Windows\system32\DRIVERS\se44mdfl.sys
2011/04/22 11:45:52.0393 2256 se44mdm (2ca2e66a945b5de1228ab5f5341d0e97) C:\Windows\system32\DRIVERS\se44mdm.sys
2011/04/22 11:45:52.0477 2256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/22 11:45:52.0628 2256 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/22 11:45:52.0701 2256 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/22 11:45:52.0751 2256 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/22 11:45:52.0795 2256 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/22 11:45:53.0079 2256 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/22 11:45:53.0153 2256 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/22 11:45:53.0212 2256 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/22 11:45:53.0269 2256 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/22 11:45:53.0389 2256 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/22 11:45:53.0461 2256 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/22 11:45:53.0513 2256 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/22 11:45:53.0919 2256 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/22 11:45:57.0723 2256 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\Windows\system32\DRIVERS\snpstd3.sys
2011/04/22 11:46:04.0618 2256 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/22 11:46:05.0671 2256 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/22 11:46:05.0671 2256 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/22 11:46:05.0679 2256 sptd - detected Locked file (1)
2011/04/22 11:46:06.0189 2256 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/22 11:46:06.0801 2256 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/22 11:46:07.0102 2256 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/22 11:46:07.0503 2256 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/22 11:46:08.0112 2256 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/22 11:46:09.0199 2256 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/22 11:46:09.0610 2256 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/22 11:46:10.0108 2256 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/22 11:46:10.0779 2256 tap0901 (fc73b46c3c76c9f1f7ec82749c0c48f3) C:\Windows\system32\DRIVERS\tap0901.sys
2011/04/22 11:46:11.0777 2256 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/22 11:46:13.0076 2256 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/22 11:46:13.0768 2256 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/22 11:46:14.0421 2256 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/22 11:46:14.0943 2256 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/22 11:46:15.0413 2256 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/22 11:46:15.0881 2256 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/22 11:46:16.0415 2256 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
2011/04/22 11:46:16.0641 2256 tosrfbd (a594dbd80ca5426e2e558bf79195a110) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/04/22 11:46:17.0151 2256 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/04/22 11:46:17.0911 2256 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
2011/04/22 11:46:18.0493 2256 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/04/22 11:46:18.0903 2256 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/04/22 11:46:19.0401 2256 TosRfSnd (7c0999169ef696f10761bf8275027330) C:\Windows\system32\drivers\tosrfsnd.sys
2011/04/22 11:46:19.0978 2256 Tosrfusb (20cc46c5d3326122e1a0a8c9dad00e0d) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/04/22 11:46:20.0297 2256 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/22 11:46:20.0374 2256 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/22 11:46:20.0429 2256 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/22 11:46:20.0490 2256 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/22 11:46:20.0583 2256 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/22 11:46:20.0695 2256 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/22 11:46:20.0769 2256 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/22 11:46:20.0853 2256 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/22 11:46:20.0918 2256 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/22 11:46:21.0015 2256 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/22 11:46:21.0139 2256 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/22 11:46:21.0347 2256 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/22 11:46:21.0473 2256 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/22 11:46:21.0777 2256 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/22 11:46:22.0326 2256 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/22 11:46:22.0891 2256 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/22 11:46:23.0148 2256 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/22 11:46:23.0332 2256 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/22 11:46:23.0650 2256 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/22 11:46:24.0185 2256 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/22 11:46:24.0753 2256 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/22 11:46:25.0168 2256 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/22 11:46:25.0698 2256 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/22 11:46:26.0337 2256 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/22 11:46:26.0758 2256 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/22 11:46:27.0176 2256 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/22 11:46:27.0625 2256 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/22 11:46:28.0091 2256 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/22 11:46:28.0595 2256 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/22 11:46:29.0290 2256 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/22 11:46:29.0859 2256 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 11:46:29.0925 2256 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 11:46:30.0667 2256 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/22 11:46:31.0164 2256 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/22 11:46:32.0204 2256 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/22 11:46:33.0004 2256 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/22 11:46:33.0476 2256 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/22 11:46:33.0869 2256 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/22 11:46:34.0406 2256 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/22 11:46:34.0657 2256 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/22 11:46:34.0816 2256 ================================================================================
2011/04/22 11:46:34.0816 2256 Scan finished
2011/04/22 11:46:34.0816 2256 ================================================================================
2011/04/22 11:46:34.0836 3088 Detected object count: 1
2011/04/22 11:46:40.0303 3088 Locked file(sptd) - User select action: Skip
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | OTL - Logfiles Malware Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags |
| | #15 |
| OTL - Logfiles Malware Here is the log file from ComboFix: Code:
ComboFix 11-04-21.06 - Tobbi 22.04.2011 19:30:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3061.1998 [GMT 2:00]
ausgeführt von:: c:\users\Tobbi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dateicommander\DateiCommander.exe
c:\programdata\hpeA0A2.dll
c:\users\Tobbi\AppData\Roaming\Adobe\plugs
c:\users\Tobbi\AppData\Roaming\Adobe\shed
c:\users\Tobbi\AppData\Roaming\Local
c:\windows\system32\sshnas21.dll
c:\windows\system32\temp.009
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-22 bis 2011-04-22 ))))))))))))))))))))))))))))))
.
.
2011-04-22 17:20 . 2011-04-22 17:20 -------- d-----w- c:\program files\CCleaner
2011-04-22 09:48 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5E2E23A-5FA8-497A-ABE3-B7719AC8146A}\mpengine.dll
2011-04-17 18:07 . 2011-04-17 18:07 -------- d-----w- c:\users\Tobbi\AppData\Roaming\Avira
2011-04-17 18:05 . 2011-01-10 12:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-17 18:05 . 2011-04-17 18:05 -------- d-----w- c:\programdata\Avira
2011-04-17 18:05 . 2011-04-17 18:05 -------- d-----w- c:\program files\Avira
2011-04-17 13:03 . 2011-04-17 13:03 -------- d-----w- c:\users\Tobbi\AppData\Roaming\SUPERAntiSpyware.com
2011-04-17 13:03 . 2011-04-17 13:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-17 13:03 . 2011-04-18 16:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-17 10:42 . 2011-04-17 10:42 110080 ----a-w- c:\users\Tobbi\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2011-04-17 10:42 . 2011-04-17 10:42 110080 ----a-w- c:\users\Tobbi\AppData\Roaming\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2011-04-17 10:42 . 2011-04-17 10:42 -------- d-----w- C:\sh4ldr
2011-04-17 10:42 . 2011-04-17 10:42 -------- d-----w- c:\program files\Enigma Software Group
2011-04-17 08:07 . 2011-04-17 18:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-16 11:43 . 2011-04-16 11:43 -------- d-----w- c:\windows\Sun
2011-04-16 11:19 . 2011-04-16 11:19 -------- d-----w- c:\users\Tobbi\AppData\Roaming\Malwarebytes
2011-04-16 11:19 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 11:19 . 2011-04-16 11:19 -------- d--h--w- c:\programdata\Malwarebytes
2011-04-16 11:18 . 2011-04-16 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 11:18 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 10:51 . 2011-04-16 10:59 -------- d-----w- C:\_OTL
2011-04-15 11:34 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-06 11:29 . 2011-04-06 11:29 -------- d-----w- c:\program files\iPod
2011-04-06 11:26 . 2011-04-06 11:26 -------- d-----w- c:\program files\Safari
2011-03-26 09:30 . 2011-03-26 09:30 -------- d-----w- c:\program files\Free-Private-Gaming
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-23 11:20 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 11:20 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 11:20 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 16:11 . 2009-10-03 11:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2007-11-20 11:24 . 2007-11-20 11:24 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2007-11-20 11:23 . 2007-11-20 11:22 3928264 ----a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-11-20 11:21 . 2007-11-20 11:21 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2003-10-05 23:12 . 2010-01-05 15:33 2874232 ----a-w- c:\program files\ROTK.exe
2011-03-18 17:56 . 2011-04-20 19:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-04-18 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-04-18 16:02 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2010-06-07 13:59 198960 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Tobbi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ-Tools.de Launcher.lnk]
path=c:\users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ-Tools.de Launcher.lnk
backup=c:\windows\pss\ICQ-Tools.de Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 15:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ------w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
2009-09-14 07:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
2008-10-23 17:27 300336 ----a-w- c:\program files\HiYo\Bin\HiYo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33 421160 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2010-05-01 15:26 106496 ----a-w- c:\users\Tobbi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFServerEngine]
2009-07-24 16:09 392288 ----a-w- c:\program files\PDF Suite\PDFServerEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ------w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-03-16 22:24 2423752 ------w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-02-24 13:53 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-18 14:51 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 136176]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2008-02-05 1931776]
R4 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-03-30 306296]
R4 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-03-30 162936]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-02 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 11:51]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 11:51]
.
2009-11-29 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tobbi\AppData\Roaming\Mozilla\Firefox\Profiles\rrvwok9c.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKU-Default-Run-Metropolis - c:\windows\system32\sshnas21.dll
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-PC SpeedScan Pro - c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-click.EXE 2.0 Free - c:\progra~1\clickEXE\UNWISE.EXE
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE
AddRemove-Freecorder Toolbar - c:\progra~1\FREECO~2\UNWISE.EXE
AddRemove-Hex Workshop v4.20 - c:\gta sa mods\hw41unin.isu
AddRemove-Movies - c:\progra~1\JanSoft\Movies\UNWISE.EXE
AddRemove-softonic-de3 Toolbar - c:\progra~1\SOFTON~1\UNWISE.EXE
AddRemove-the Renegade mod tools - c:\progra~1\RENEGA~1\UNWISE.EXE
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-WindowBlinds - c:\progra~1\Stardock\OBJECT~2\WINDOW~1\UNWISE.EXE
AddRemove-Xpage Internet Studio 6 Special Edition - c:\program files\Xpage Internet Studio 6 Special Edition\Uninstall_Xpage Internet Studio 6 Special Edition\Uninstall Xpage Internet Studio 6 Special Edition.exe
AddRemove-{3F290582-3F4E-4B96-009C-E0BABAA40C42} - c:\program files\EA GAMES\Die Schlacht um Mittelerde(tm)\EAUninstall.exe
AddRemove-{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-22 19:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,20,4e,da,33,00,cc,01
.
[HKEY_USERS\S-1-5-21-580093863-836433992-2563045413-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:21,3f,86,5f,65,66,5d,e4,29,c9,7d,1e,29,ce,81,04,19,b3,3d,cd,47,82,ed,
4f,b6,7c,c8,b4,f5,56,ab,e5,59,36,9c,56,2d,a9,b2,e2,89,d1,25,ca,49,62,a6,91,\
"??"=hex:c6,07,ca,9a,d0,69,60,e7,00,d8,57,75,3b,b1,69,a6
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-22 19:41:52
ComboFix-quarantined-files.txt 2011-04-22 17:41
.
Vor Suchlauf: 5 Verzeichnis(se), 42.204.274.688 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 42.103.754.752 Bytes frei
.
- - End Of File - - 222EB1DC18EEC405B0138566E96F47BD