Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse (https://www.trojaner-board.de/101930-problem-zxo-exe-falsche-weiterverlinkung-google-ergebnisse.html)

sheep_one 01.08.2011 21:42
Problem: zxo.exe, Falsche Weiterverlinkung auf google-Ergebnisse
 
Hallo,

ich hoffe es kann mir Jemand helfen. Zu meinem System: Windows 7, 64-Bit (so steht es in den Eigenschaften von Computer, unter Ausführen-> winver steht es nicht. Ich bin mir aber sicher, dass es ein 64-bit System ist.

Ich danke hier schonmal jedem, der sich das hier durchliest und mir Tipps gibt. Vielen Dank!

Ich habe gestern eine eindeutig schädliche .exe-Datei ausgeführt. Danach wurde im Hintergrund, das heißt ohne erkennbaren Player eine Audio-Datei abgespielt. Daraufhin habe ich den Task-Manager gestartet und einen verdächtigen Prozess identifiziert. Er hieß zxo.exe. Den habe ich beendet, aber spätestens nach einem Neustart war er wieder da, es kam aber keine Audio-Datei. Daraufhin habe ich den Registrierungs-Editor nach zxo.exe durchsucht und verschiedene Einträge gelöscht:

1) Unter "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Most Recent Applications" habe ich einen Eintrag mit dem Namen "Namen", Typ "REG_SZ" und Daten "zxo.exe" gelöscht.
2) Unter HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing habe ich verschiedene verdächtige Ordner gefunden und gelöscht: zxo_RASAPI32 und zxo_RASAMANCS. Es gab dort auch Ordner, die statt dem "o" in "zxo" ein m, l, j, n und k hatten. Diese habe ich alle gelöscht.

Nach mehreren Neustarts und abwarten ist der Prozess zxo.exe oder ein ähnlicher nicht wieder aufgetaucht.

Jetzt ist es allerdings so, dass ich trotz Deinstallieren und erneutem Installieren von Firefox und Löschen aller Cookies und Temp-Ordner auf falsche Internetseiten verlinkt werde, wenn ich ein google-Ergebnis anklicke.

Das heißt, ich vermute zwei verschiedene Probleme. Beim googlen von zxo.exe habe ich etwas von Backdoor Trojaner gelesen und bin daher sehr besorgt, dass mein PC zur Zeit (immernoch) nicht sicher ist.

EDIT: Mir ist eben gerade aufgefallen, dass ich den Windows-Sicherheitscenterdienst nicht aktivieren kann. Es kommt die Fehlermeldung "Windows-Sicherheitscenterdienst kann nicht gestartet werden."

Daher habe ich die in der Anleitung empfohlenen Schritte durchgeführt:

Defogger
Ich habe 2 mal Disable ausgeführt, da ich nicht gemerkt hatte, dass der Defogger bereits ein Logfile auf dem Desktop erstellt hatte. Ich wurde entgegen der Anleitung nicht zu einem Neustart aufegfordert, was mich irritiert hatte. Daher das zweimalige Anklicke auf Disable.

OTL
Während des Scans kam folgende Windows-Fehlermeldung "OTL.exe Datei ist beschädigt: C:\Windows\Programme\Data\Microsoft\Windows\WER\ReportArchive beschädigt oder nicht lesbar, Führen Sie CHKDSK aus."

Der Scan verlief trotzdem ohne Unterbrechung und lieferte folgendes Log: (Name durch *** ersetzt, auch bei Computer-Namen (***-Laptop)OTL Logfile:
Code:
OTL logfile created on: 01.08.2011 21:52:52 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\***\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,66% Memory free
5,93 Gb Paging File | 4,72 Gb Available in Paging File | 79,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53,71 Gb Total Space | 9,17 Gb Free Space | 17,08% Space Free | Partition Type: NTFS
Drive D: | 244,28 Gb Total Space | 14,73 Gb Free Space | 6,03% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.01 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.07.03 11:08:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.30 16:39:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010.11.02 14:13:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.03 14:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.05.03 14:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.02.04 14:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.12.22 03:08:38 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.02 09:57:14 | 001,757,184 | ---- | M] () -- C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.exe
PRC - [2008.08.02 09:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.01 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.03 11:08:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 16:39:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.24 00:34:18 | 000,435,152 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.09.23 01:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.22 03:08:38 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.08.02 09:57:14 | 001,431,440 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe -- (ArcGIS License Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.03 11:08:57 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.03 11:08:57 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.24 00:25:14 | 000,094,864 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.02.11 17:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.22 21:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009.10.15 17:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.23 06:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.18 00:52:02 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2006.04.20 07:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Sentinel64.sys -- (Sentinel)
DRV - [2010.12.30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RKHit.sys -- (RkHit)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 DC E1 73 1A 4E CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.20
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.01.20 17:43:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.01 21:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.01 21:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.10 11:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.13 19:25:24 | 000,000,000 | ---D | M]
 
[2010.05.31 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.31 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.01 14:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions
[2010.05.31 22:06:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.13 12:48:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.17 20:19:25 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.07.26 11:32:58 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.05.31 22:06:15 | 000,000,000 | ---D | M] (GetVideo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{a51dd9d0-56c3-11db-b0de-0800200c9a66}
[2011.07.04 20:56:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.31 22:06:15 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.31 22:06:05 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u4dvrdtw.default\extensions\moveplayer@movenetworks.com
[2011.08.01 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.30 10:04:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.05.31 18:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 17:17:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.19 18:08:58 | 000,001,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Burn4Free DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [8DDYX0ZBPZ]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.22 23:32:30 | 000,000,000 | ---D | M] - D:\Autogenes Training -- [ NTFS ]
O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell - "" = AutoRun
O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell - "" = AutoRun
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell - "" = AutoRun
O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.01 21:49:54 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.07.31 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor
[2011.07.31 20:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor
[2011.07.31 16:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.07.31 16:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4WomenOnly
[2011.07.31 16:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\4WomenOnlyData
[2011.07.31 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4WomenOnly
[2011.07.31 16:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycle Calculator for Women
[2011.07.31 16:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundTells
[2011.07.31 16:41:43 | 012,351,329 | ---- | C] (Mutex Developments, Inc.                                    ) -- C:\Users\***\Desktop\4WomenOnlySetup.exe
[2011.07.29 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\projekte
[2010.08.12 22:32:16 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe8981.dll
[2009.11.25 16:39:30 | 009,311,688 | ---- | C] (Foxit Software) -- C:\Program Files (x86)\Foxit Reader.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.01 21:49:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.08.01 21:47:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.08.01 21:45:48 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.08.01 21:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.01 21:12:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.08.01 21:11:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.08.01 21:04:03 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.01 20:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.01 14:59:21 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2011.08.01 14:49:46 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.01 14:49:46 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.01 14:42:09 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.01 14:41:38 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\Rujuexfdh.job
[2011.08.01 14:41:18 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.01 14:41:15 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011.07.31 20:58:29 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd
[2011.07.31 20:02:17 | 000,075,776 | RHS- | M] () -- C:\Windows\SysWow64\imageresl.dll
[2011.07.31 16:45:15 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\pcalc32_273.zip
[2011.07.31 16:42:22 | 012,351,329 | ---- | M] (Mutex Developments, Inc.                                    ) -- C:\Users\***\Desktop\4WomenOnlySetup.exe
[2011.07.30 16:04:46 | 000,127,729 | ---- | M] () -- C:\Users\***\Documents\aachen2.png
[2011.07.30 16:02:53 | 000,144,962 | ---- | M] () -- C:\Users\***\Documents\aachen.png
[2011.07.29 22:16:02 | 000,105,160 | ---- | M] () -- C:\Users\***\Documents\Antrag DGG.pdf
[2011.07.29 22:13:43 | 000,043,215 | ---- | M] () -- C:\Users\***\Documents\unterschrift.jpeg Kopie.jpg
[2011.07.29 22:11:45 | 000,078,303 | ---- | M] () -- C:\Users\***\Documents\unterschrift.jpeg
[2011.07.26 19:35:24 | 000,286,720 | ---- | M] () -- C:\Users\***\Documents\Datenbank4.accdb
[2011.07.25 21:13:30 | 000,100,587 | R--- | M] () -- C:\Users\***\Desktop\bescheinigung.PDF
[2011.07.13 19:48:22 | 000,201,811 | ---- | M] () -- C:\Users\***\Desktop\chris2.pdf
[2011.07.13 19:48:03 | 000,379,006 | ---- | M] () -- C:\Users\***\Desktop\chris.pdf
[2011.07.06 19:39:11 | 000,289,687 | ---- | M] () -- C:\Users\***\Desktop\Ganzseitiges Foto.pdf
[2011.07.03 11:08:57 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.03 11:08:57 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.08.01 21:47:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.08.01 21:45:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.08.01 21:42:12 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.07.31 20:58:29 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2011.07.31 20:57:59 | 000,034,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\RKHit.sys
[2011.07.31 20:02:27 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.07.31 20:02:24 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.07.31 20:02:20 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.07.31 20:02:17 | 000,075,776 | RHS- | C] () -- C:\Windows\SysWow64\imageresl.dll
[2011.07.31 20:02:17 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\Rujuexfdh.job
[2011.07.31 16:44:30 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\pcalc32_273.zip
[2011.07.30 16:04:44 | 000,127,729 | ---- | C] () -- C:\Users\***\Documents\aachen2.png
[2011.07.30 16:02:50 | 000,144,962 | ---- | C] () -- C:\Users\***\Documents\aachen.png
[2011.07.29 22:16:00 | 000,105,160 | ---- | C] () -- C:\Users\***\Documents\Antrag DGG.pdf
[2011.07.29 22:13:42 | 000,043,215 | ---- | C] () -- C:\Users\***\Documents\unterschrift.jpeg Kopie.jpg
[2011.07.29 22:12:06 | 000,078,303 | ---- | C] () -- C:\Users\***\Documents\unterschrift.jpeg
[2011.07.26 19:34:56 | 000,286,720 | ---- | C] () -- C:\Users\***\Documents\Datenbank4.accdb
[2011.07.25 21:13:32 | 000,100,587 | R--- | C] () -- C:\Users\***\Desktop\bescheinigung.PDF
[2011.07.13 19:48:22 | 000,201,811 | ---- | C] () -- C:\Users\***\Desktop\chris2.pdf
[2011.07.13 19:48:02 | 000,379,006 | ---- | C] () -- C:\Users\***\Desktop\chris.pdf
[2011.07.10 11:30:31 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.06 19:39:09 | 000,289,687 | ---- | C] () -- C:\Users\***\Desktop\Ganzseitiges Foto.pdf
[2011.05.29 16:04:34 | 000,207,390 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2011.05.18 08:43:59 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{E8AA9A47-EB29-4642-916F-5E7B676FD71A}
[2010.12.02 08:43:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.08.26 19:04:25 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.08.25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.08.25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.06.03 09:43:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.05.31 18:04:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.13 21:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:19:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\msxml6r.dll
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:37:20 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\winshfhc.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll
 
========== LOP Check ==========
 
[2010.11.27 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5
[2011.01.26 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESRI
[2010.08.05 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2011.08.01 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.06.29 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.10.31 19:05:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2011.01.21 01:56:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2010.05.31 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.08.01 14:41:38 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\Rujuexfdh.job
[2011.05.10 07:40:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.01 21:04:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.01 21:12:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.08.01 21:11:03 | 000,000,282 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.11.22 12:46:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.31 17:03:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.06 10:13:36 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.11.18 21:11:37 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2010.11.29 13:42:17 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.01 12:46:37 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.11.28 17:10:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.31 20:57:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.07.31 16:55:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.05.31 17:03:24 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.05.31 17:03:25 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.08.01 21:54:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.24 14:51:16 | 000,000,000 | ---D | M] -- C:\Temp
[2010.05.31 20:56:20 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.31 20:58:29 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2009.11.25 16:39:30 | 009,311,688 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Reader.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2010.10.15 18:18:17 | 004,869,875 | ---- | C] ()(C:\Users\***\Desktop\Israel Kamakawiwo?ole - Over the Rainbow.mp3) -- C:\Users\***\Desktop\Israel Kamakawiwoʻole - Over the Rainbow.mp3
[2010.10.11 20:19:37 | 004,869,875 | ---- | M] ()(C:\Users\***\Desktop\Israel Kamakawiwo?ole - Over the Rainbow.mp3) -- C:\Users\***\Desktop\Israel Kamakawiwoʻole - Over the Rainbow.mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:3ED99525

< End of report >
--- --- ---

cosinus 02.08.2011 10:36
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

sheep_one 02.08.2011 12:09
Hallo und Danke schonmal für deine Antwort. Das mit dem Malwarebytes-Scan hatte ich vorher nicht bemerkt. Hier der LOG:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7353

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

02.08.2011 13:00:44
mbam-log-2011-08-02 (13-00-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 385899
Laufzeit: 1 Stunde(n), 3 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
Nach dem Scan und Neustart waren die Dateien in c:\Windows\System32 und C:\Windows\SysWOW64 wieder da (siehe unten).

Ein paar Anmerkungen noch:
1) Ich habe im Ordner c:\Windows\System32 eine Datei namens rpcnetp.exe, die nach dem Löschen und nach einem Neustart immer wieder da ist. Sie wird immer direkt nach dem Neustart erstellt, daher ist sie mir aufgefallen.
2) Auch in C:\Windows\SysWOW64 taucht nach Löschen und Neustart eine mir unbekannte Datei auf, manchmal rpcnetp.exe oder agremove.exe. Wann welche auftaucht konnte ich bisher nicht rauskriegen. Diese Dateien sind auch immer neu erstellt, auch nach Löschen und Neu starten.
3) Ich habe eigenständig weitere Ordner in der Registrierung gelöscht (ka ob das jetzt so schlau war, aber ich habs halt gemacht) und zwar Folgende:

HKEY_CURRENT_USER\Software\8DDYX0ZBPZ
(darin wurde im Pfad auf C:\Users\***\AppData\Local\Temp\Zxj.exe verwiesen, deswegen gelöscht)

HKEY_CURRENT_USER\Software\NtWqIVLZEWZU
HKEY_CURRENT_USER\Software\ZU6RKI1ONY
(darin auch wieder die verdächtigen Namen ala zxj, zxn...)

Danke nochmal! Ich werde jetzt auch brav auf eine Antwort warten und nichts mehr löschen...

cosinus 02.08.2011 12:37
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

sheep_one 02.08.2011 12:42
nur noch das hier:

Code:
11:48:04        ***        MESSAGE        Protection started successfully
11:48:09        ***        MESSAGE        IP Protection started successfully
13:04:18        ***        MESSAGE        Protection started successfully
13:04:23        ***        MESSAGE        IP Protection started successfully
ältere habe ich auch nicht.

edit: *** ist wieder mein name

cosinus 02.08.2011 12:42
Führe auch bitte ESET aus, danach sehen wir weiter.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.

sheep_one 02.08.2011 15:09
ok, hier das ergebnis

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d81e600ae45fc247aca231b80ad664d7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-02 01:53:19
# local_time=2011-08-02 03:53:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 252687 48822665 318617 0
# compatibility_mode=5893 16776574 100 94 262165 63915659 0 0
# compatibility_mode=8192 67108863 100 0 200 200 0 0
# scanned=206829
# found=4
# cleaned=0
# scan_time=7390
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\24ddd997-6c16c119        Java/TrojanDownloader.Agent.NBN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\HSS-1.52-install-anchorfree-238-conduit2.exe        a variant of Win32/HotSpotShield application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\PCSafeDoctor_Setup.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
Bin jetzt erstmal weg, weitere Anweisungen führe ich dann später aus. Danke und bis später!

cosinus 02.08.2011 15:17
Zitat:
-- C:\Users\***\Desktop\4WomenOnlySetup.exe
Was ist DAS denn? :confused:

sheep_one 03.08.2011 08:45
Zitat:
Zitat von cosinus (Beitrag 689101)
Was ist DAS denn? :confused:
Das ist ein Programm, das man als Mann wirklich nicht braucht. Das ist eine normale Testversion, daran wirds nicht liegen. Habs gerade mal zur Sicherheit gelöscht, aber es ist wie gesagt nicht die Ursache.

cosinus 03.08.2011 09:31
Ich wollte doch nur wissen was das ist, löschen musst das nicht gleich :D


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.22 23:32:30 | 000,000,000 | ---D | M] - D:\Autogenes Training -- [ NTFS ]
O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell - "" = AutoRun
O33 - MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell - "" = AutoRun
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell - "" = AutoRun
O33 - MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
[2011.08.01 14:59:21 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2011.07.31 20:58:29 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2011.07.31 20:57:59 | 000,034,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\RKHit.sys
[2011.07.31 20:02:17 | 000,075,776 | RHS- | C] () -- C:\Windows\SysWow64\imageresl.dll
[2011.04.06 10:13:36 | 000,000,000 | -HSD | M] -- C:\found.000
@Alternate Data Stream - 168 bytes -> C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:3ED99525
:Files
C:\Windows\tasks\*.job
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

sheep_one 03.08.2011 16:40
Ok, habe ich gemacht. Rechner wollte nicht neu starten, hier das log:

Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
C:\Windows\SysWOW64\agremove.exe moved successfully.
C:\Windows\tpcsd moved successfully.
File C:\Windows\SysWow64\drivers\RKHit.sys not found.
C:\Windows\SysWOW64\imageresl.dll moved successfully.
C:\found.000 folder moved successfully.
Unable to delete ADS C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b .
ADS C:\ProgramData\TEMP:3ED99525 deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\Rujuexfdh.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 08032011_173534
Achso, hätte ich in Deinem Skript irgendwo meinen Benutzer-Namen wieder reinschreiben müssen? Hatte ich jetzt nicht drauf geachtet. Gemeckert hat OTL zumindest nicht.

Danke mal wieder ;) :)

cosinus 03.08.2011 16:42
Zitat:
@Alternate Data Stream - 168 bytes -> C:\Users\***\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b
Ja hier. Bitte zurückeditieren und das Script einfach nochmal ausführen.

sheep_one 03.08.2011 16:51
Alles klar, jetzt hab ichs gesehen. Hier nochmal das neue Ergebnis:

Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6074b3b6-9638-11df-b733-87e13873ac23}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e926dbd-5838-11e0-95cb-fcf29d8fdb23}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df674d42-98f7-11e0-95bc-ae6206d5573d}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
File C:\Windows\SysWow64\agremove.exe not found.
File C:\Windows\tpcsd not found.
File C:\Windows\SysWow64\drivers\RKHit.sys not found.
File C:\Windows\SysWow64\imageresl.dll not found.
Folder C:\found.000\ not found.
Unable to delete ADS C:\Users\Jana\Documents\unterschrift.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\ProgramData\TEMP:3ED99525 .
========== FILES ==========
File\Folder C:\Windows\tasks\*.job not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 08032011_174929

cosinus 03.08.2011 19:51
Bitte auch nur sowas editieren wenn wirklich was privates drin steht! Nur der Vorname muss ja nicht sein.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

sheep_one 03.08.2011 21:18
Ja ok, werde es jetzt lassen...bin in letzter Zeit einfach internet vorsichtig geworden.

Hier der Log vom TDSS Killer.

Code:
2011/08/03 22:12:15.0227 4016        TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/03 22:12:15.0305 4016        ================================================================================
2011/08/03 22:12:15.0305 4016        SystemInfo:
2011/08/03 22:12:15.0305 4016       
2011/08/03 22:12:15.0305 4016        OS Version: 6.1.7601 ServicePack: 1.0
2011/08/03 22:12:15.0305 4016        Product type: Workstation
2011/08/03 22:12:15.0305 4016        ComputerName: JANA-LAPTOP
2011/08/03 22:12:15.0305 4016        UserName: Jana
2011/08/03 22:12:15.0305 4016        Windows directory: C:\Windows
2011/08/03 22:12:15.0305 4016        System windows directory: C:\Windows
2011/08/03 22:12:15.0305 4016        Running under WOW64
2011/08/03 22:12:15.0305 4016        Processor architecture: Intel x64
2011/08/03 22:12:15.0305 4016        Number of processors: 2
2011/08/03 22:12:15.0305 4016        Page size: 0x1000
2011/08/03 22:12:15.0305 4016        Boot type: Normal boot
2011/08/03 22:12:15.0305 4016        ================================================================================
2011/08/03 22:12:16.0771 4016        Initialize success
2011/08/03 22:12:20.0047 0800        ================================================================================
2011/08/03 22:12:20.0047 0800        Scan started
2011/08/03 22:12:20.0047 0800        Mode: Manual;
2011/08/03 22:12:20.0047 0800        ================================================================================
2011/08/03 22:12:21.0529 0800        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/03 22:12:21.0732 0800        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/03 22:12:21.0903 0800        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/03 22:12:21.0997 0800        acsock          (0ec911d24f14c969e980e92e4371464d) C:\Windows\system32\DRIVERS\acsock64.sys
2011/08/03 22:12:22.0200 0800        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/03 22:12:22.0325 0800        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/03 22:12:22.0481 0800        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/03 22:12:22.0652 0800        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/03 22:12:22.0839 0800        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/03 22:12:23.0058 0800        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/03 22:12:23.0151 0800        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/03 22:12:23.0245 0800        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/03 22:12:23.0292 0800        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/03 22:12:23.0370 0800        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/03 22:12:23.0510 0800        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/03 22:12:23.0619 0800        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/03 22:12:23.0838 0800        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/03 22:12:24.0009 0800        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/03 22:12:24.0243 0800        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/03 22:12:24.0415 0800        ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
2011/08/03 22:12:24.0587 0800        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/03 22:12:24.0712 0800        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/03 22:12:25.0039 0800        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/03 22:12:25.0289 0800        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/03 22:12:25.0507 0800        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/03 22:12:25.0616 0800        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/03 22:12:25.0694 0800        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/03 22:12:25.0882 0800        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/03 22:12:26.0225 0800        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/03 22:12:26.0365 0800        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/03 22:12:26.0443 0800        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/03 22:12:26.0490 0800        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/03 22:12:26.0646 0800        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/03 22:12:26.0833 0800        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/03 22:12:27.0005 0800        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/03 22:12:27.0067 0800        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/03 22:12:27.0130 0800        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/03 22:12:27.0317 0800        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/03 22:12:27.0473 0800        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/03 22:12:27.0707 0800        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/03 22:12:27.0878 0800        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/03 22:12:28.0190 0800        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/03 22:12:28.0378 0800        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/03 22:12:28.0518 0800        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/03 22:12:28.0705 0800        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/03 22:12:28.0783 0800        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/03 22:12:28.0861 0800        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/03 22:12:28.0986 0800        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/08/03 22:12:29.0111 0800        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/03 22:12:29.0314 0800        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/03 22:12:29.0423 0800        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/03 22:12:29.0641 0800        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/03 22:12:29.0938 0800        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/03 22:12:30.0421 0800        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/03 22:12:30.0874 0800        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/08/03 22:12:31.0045 0800        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/03 22:12:31.0310 0800        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/03 22:12:31.0529 0800        ETD            (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
2011/08/03 22:12:31.0685 0800        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/03 22:12:31.0919 0800        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/03 22:12:32.0137 0800        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/03 22:12:32.0324 0800        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/03 22:12:32.0387 0800        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/03 22:12:32.0590 0800        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/03 22:12:32.0746 0800        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/03 22:12:32.0964 0800        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/03 22:12:33.0042 0800        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/03 22:12:33.0167 0800        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/03 22:12:33.0307 0800        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/03 22:12:33.0635 0800        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/03 22:12:33.0822 0800        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/03 22:12:33.0994 0800        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/03 22:12:34.0056 0800        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/03 22:12:34.0103 0800        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/03 22:12:34.0165 0800        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/03 22:12:34.0352 0800        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/03 22:12:34.0524 0800        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/03 22:12:34.0633 0800        HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/08/03 22:12:35.0054 0800        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/03 22:12:35.0351 0800        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/03 22:12:35.0460 0800        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/03 22:12:35.0600 0800        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/03 22:12:36.0224 0800        igfx            (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/03 22:12:36.0692 0800        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/03 22:12:36.0833 0800        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/03 22:12:36.0911 0800        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/03 22:12:37.0067 0800        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/03 22:12:37.0254 0800        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/03 22:12:37.0426 0800        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/03 22:12:37.0535 0800        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/03 22:12:37.0644 0800        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/03 22:12:37.0847 0800        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/03 22:12:38.0034 0800        ivusb          (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
2011/08/03 22:12:38.0143 0800        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/03 22:12:38.0237 0800        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/03 22:12:38.0424 0800        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/03 22:12:38.0518 0800        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/03 22:12:38.0689 0800        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/03 22:12:38.0892 0800        L1E            (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/08/03 22:12:39.0095 0800        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/03 22:12:39.0313 0800        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/03 22:12:39.0469 0800        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/03 22:12:39.0594 0800        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/03 22:12:39.0703 0800        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/03 22:12:39.0922 0800        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/03 22:12:40.0078 0800        MBAMProtector  (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/03 22:12:40.0171 0800        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/03 22:12:40.0218 0800        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/03 22:12:40.0312 0800        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/03 22:12:40.0358 0800        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/03 22:12:40.0452 0800        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/03 22:12:40.0514 0800        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/03 22:12:40.0608 0800        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/03 22:12:40.0655 0800        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/03 22:12:40.0702 0800        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/03 22:12:40.0795 0800        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/03 22:12:40.0967 0800        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/03 22:12:41.0045 0800        mrxsmb10        (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/03 22:12:41.0092 0800        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/03 22:12:41.0154 0800        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/03 22:12:41.0232 0800        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/03 22:12:41.0372 0800        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/03 22:12:41.0419 0800        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/03 22:12:41.0482 0800        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/03 22:12:41.0560 0800        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/03 22:12:41.0622 0800        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/03 22:12:41.0684 0800        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/03 22:12:41.0856 0800        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/03 22:12:42.0199 0800        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/03 22:12:42.0308 0800        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/03 22:12:42.0355 0800        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/03 22:12:42.0433 0800        MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/08/03 22:12:42.0496 0800        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/03 22:12:42.0636 0800        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/03 22:12:42.0901 0800        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/03 22:12:43.0073 0800        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/03 22:12:43.0151 0800        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/03 22:12:43.0213 0800        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/03 22:12:43.0291 0800        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/03 22:12:43.0478 0800        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/03 22:12:43.0572 0800        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/03 22:12:43.0634 0800        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/03 22:12:43.0853 0800        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/03 22:12:43.0962 0800        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/03 22:12:44.0056 0800        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/03 22:12:44.0243 0800        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/03 22:12:44.0446 0800        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/03 22:12:44.0555 0800        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/03 22:12:44.0617 0800        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/03 22:12:44.0680 0800        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/03 22:12:44.0742 0800        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/03 22:12:45.0007 0800        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/03 22:12:45.0116 0800        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/03 22:12:45.0194 0800        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/03 22:12:45.0257 0800        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/03 22:12:45.0350 0800        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/03 22:12:45.0413 0800        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/03 22:12:45.0475 0800        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/03 22:12:45.0834 0800        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/03 22:12:45.0912 0800        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/03 22:12:46.0068 0800        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/03 22:12:46.0271 0800        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/03 22:12:46.0474 0800        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/03 22:12:46.0552 0800        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/03 22:12:46.0630 0800        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/03 22:12:46.0708 0800        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/03 22:12:46.0832 0800        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/03 22:12:46.0957 0800        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/03 22:12:47.0004 0800        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/03 22:12:47.0082 0800        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/03 22:12:47.0144 0800        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/03 22:12:47.0176 0800        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/03 22:12:47.0254 0800        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/03 22:12:47.0316 0800        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/03 22:12:47.0378 0800        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/03 22:12:47.0456 0800        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/03 22:12:47.0534 0800        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/03 22:12:47.0924 0800        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/03 22:12:48.0252 0800        s0016bus        (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/08/03 22:12:48.0346 0800        s0016mdfl      (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/08/03 22:12:48.0424 0800        s0016mdm        (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/08/03 22:12:48.0564 0800        s0016mgmt      (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/08/03 22:12:48.0642 0800        s0016nd5        (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/08/03 22:12:48.0736 0800        s0016obex      (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/08/03 22:12:48.0985 0800        s0016unic      (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/08/03 22:12:49.0110 0800        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/03 22:12:49.0188 0800        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/03 22:12:49.0266 0800        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/03 22:12:49.0344 0800        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/03 22:12:49.0453 0800        Sentinel        (82215bbed5d37b0c354f0e83fd0c8423) C:\Windows\System32\Drivers\SENTINEL64.SYS
2011/08/03 22:12:49.0516 0800        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/03 22:12:49.0562 0800        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/03 22:12:49.0640 0800        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/03 22:12:49.0796 0800        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/03 22:12:49.0874 0800        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/03 22:12:49.0921 0800        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/03 22:12:50.0062 0800        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/03 22:12:50.0186 0800        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/03 22:12:50.0296 0800        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/03 22:12:50.0374 0800        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/03 22:12:50.0654 0800        SNP2UVC        (a415c67b40dfb903accc1d40fbee3269) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/08/03 22:12:50.0795 0800        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/03 22:12:50.0982 0800        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/03 22:12:51.0169 0800        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/03 22:12:51.0232 0800        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/03 22:12:51.0325 0800        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/03 22:12:51.0434 0800        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/03 22:12:51.0497 0800        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/08/03 22:12:51.0544 0800        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/03 22:12:51.0637 0800        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
2011/08/03 22:12:51.0902 0800        Tcpip          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/08/03 22:12:52.0152 0800        TCPIP6          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/03 22:12:52.0558 0800        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/03 22:12:52.0901 0800        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/03 22:12:53.0026 0800        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/03 22:12:53.0150 0800        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/03 22:12:53.0228 0800        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/03 22:12:53.0338 0800        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/03 22:12:53.0416 0800        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/03 22:12:53.0509 0800        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/03 22:12:53.0634 0800        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/03 22:12:53.0728 0800        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/03 22:12:53.0977 0800        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/03 22:12:54.0055 0800        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/03 22:12:54.0118 0800        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/03 22:12:54.0211 0800        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/08/03 22:12:54.0274 0800        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/03 22:12:54.0320 0800        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/03 22:12:54.0445 0800        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/08/03 22:12:54.0554 0800        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/03 22:12:54.0679 0800        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/03 22:12:55.0178 0800        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/03 22:12:55.0756 0800        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/03 22:12:55.0943 0800        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/03 22:12:56.0177 0800        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/03 22:12:56.0302 0800        VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/08/03 22:12:56.0380 0800        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/03 22:12:56.0458 0800        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/03 22:12:56.0520 0800        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/03 22:12:56.0629 0800        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/03 22:12:56.0770 0800        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/03 22:12:56.0941 0800        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/08/03 22:12:57.0019 0800        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/03 22:12:57.0097 0800        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/03 22:12:57.0175 0800        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/03 22:12:57.0238 0800        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/03 22:12:57.0378 0800        vpnva          (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
2011/08/03 22:12:57.0472 0800        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/03 22:12:57.0518 0800        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/03 22:12:57.0628 0800        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/03 22:12:57.0690 0800        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/03 22:12:57.0768 0800        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/03 22:12:57.0830 0800        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/03 22:12:58.0096 0800        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/03 22:12:58.0189 0800        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/03 22:12:58.0392 0800        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/03 22:12:58.0470 0800        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/03 22:12:58.0688 0800        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/03 22:12:58.0798 0800        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/03 22:12:58.0969 0800        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/03 22:12:59.0094 0800        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/03 22:12:59.0172 0800        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/03 22:12:59.0312 0800        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/03 22:12:59.0359 0800        Boot (0x1200)  (dd3c55a94a5f229352b715d193f928a3) \Device\Harddisk0\DR0\Partition0
2011/08/03 22:12:59.0406 0800        Boot (0x1200)  (4113d57d4b8c3fdd8968a9e49647aa66) \Device\Harddisk0\DR0\Partition1
2011/08/03 22:12:59.0453 0800        Boot (0x1200)  (22324d4471870a33fa3cd7196e47603f) \Device\Harddisk0\DR0\Partition2
2011/08/03 22:12:59.0468 0800        ================================================================================
2011/08/03 22:12:59.0468 0800        Scan finished
2011/08/03 22:12:59.0468 0800        ================================================================================
2011/08/03 22:12:59.0500 2952        Detected object count: 0
2011/08/03 22:12:59.0500 2952        Actual detected object count: 0


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:35 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129