Trojaner-Board


sternchen222 29.10.2011 22:45

Malware Trace, HEUR/HTML.Malware
 
Hello everyone,

For quite some time I have been getting virus detections reported by Avira again and again. I contented myself with removing them with a mouse click. Looking at the history, there seem to be several problems on my PC. For one thing, I put this down to having installed some toolbars in good faith in the past (and hardly being able to get rid of them again). For another, friends sometimes surf on the computer as well, which I do not monitor. I have often received the HTML script alerts listed below while surfing (Firefox), e.g. in forums.

Excerpt from the Avira quarantine:
26.07.2010: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/FlashFrame.Gen
11.12.2010: Ist das Trojanische Pferd TR/Code.tae (FreeYouTubeDownloader.exe)
09.02.2011: Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen2
10.04.2011: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen
29.10.2011: Enthält verdächtigen Code: HEUR/HTML.Malware

So the computer seems to be heavily infected, but I don't notice anything... except that it is slow. The reason I am only now really becoming "active" is that an acquaintance said the PC would have to be wiped. I hope that is not the only solution?!

I got the malware alert at least 20 times today and then ran a full scan with MalwareBytes. However, I could not update my version, which was quite outdated... The finding shown was Malware-Trace (I had gotten that before as well); it could be removed, but kept coming back. I have installed the current version and will run another full scan tomorrow.

I am attaching the OTL log, but I cannot find an Extras log on my desktop.

I would be very, very grateful for help! :-) Thanks in advance.

Best regards

mmk 29.10.2011 23:13

Good evening & a warm welcome,
just a few brief remarks.

Quote:

Quote from sternchen222 (post 714608)
For quite some time I have been getting virus detections reported by Avira again and again. I contented myself with removing them with a mouse click.

That can, if the situation is misjudged, grow into a considerably bigger problem. Ideally, immediately after an alert you would post it for assessment, e.g. in a specialist forum. Perhaps that as a recommendation for the future.

Sometimes such alerts are also false positives; having the findings deleted can then, even with no infection present, lead to restrictions of the system or of the programs in use, if relevant files had been wrongly classified as malware.

Conversely, with an alert about a "real" piece of malware, a mouse click may not be enough if, for example, the virus scanner detected only one of several components. Every single notice should therefore be followed up accordingly.

Quote:

Looking at the history, there seem to be several problems on my PC.
It would not be bad if you could additionally post the complete detection history of your virus scanner, including the respective locations of the findings.

Quote:

For one thing, I put this down to having installed some toolbars in good faith in the past (and hardly being able to get rid of them again).
As long as the alerts had referred exclusively to "harmless" toolbars, that would not be so bad, apart from the fact that a lot of that stuff ultimately grows into unnecessary ballast that also increases the attack surface.

Quote:

For another, friends sometimes surf on the computer as well, which I do not monitor.
In this regard you should think about giving them only a guest or restricted account. I don't know your friends and therefore don't know how "fit" they are on the topic, but you are the admin of your system and should make that signature correspondingly clear.

Quote:

I have often received the HTML script alerts listed below while surfing (Firefox), e.g. in forums.

Quote:

Excerpt from the Avira quarantine:
Code:

26.07.2010: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/FlashFrame.Gen
09.02.2011: Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen2
10.04.2011: Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen
29.10.2011: Enthält verdächtigen Code: HEUR/HTML.Malware


If the heuristic alerts were correct, these can be indications of infected websites that, when visited, infect vulnerable systems "drive-by", i.e. while surfing past, without further user interaction.

Quote:

So the computer seems to be heavily infected,
Maybe. Not necessarily. If the exploits find no attack surface, no malware can get onto your system and become active there either. (No, findings in the browser cache do not necessarily mean an infection of the system!)

Quote:

but I don't notice anything...
You do not necessarily have to notice anything of infections either. There are very conspicuous ones (deliberately designed to be conspicuous, such as scareware), but also ones deliberately designed to be inconspicuous, for example when we are talking about malware that spies on personal data.

Quote:

except that it is slow.
That too can be an indication, but need not be. Keyloggers, for example, need no great bandwidth and send only small amounts of data, and they also generate only minimal load. You do not notice that at all. Conversely, a merely "cluttered" system can also result in a slow system without malware having to be involved.

Quote:

The reason I am only now really becoming "active" is that an acquaintance said the PC would have to be wiped. I hope that is not the only solution?!
That depends in part on how the further results turn out. I have not looked at the OTL log at this point.

Quote:

I have installed the current version and will run another full scan tomorrow.
That information would then also be important.

That's it for now & good night!

sternchen222 30.10.2011 19:45

Thank you very much for taking on my problem! And for the general explanation about viruses and the like.

As promised, I ran the Malwarebytes full scan once more. The result again shows the Malware Trace and two other infected files. I removed everything and restarted, but according to the log it apparently did not work. I wanted to delete the files infected with the AdwareAgent, but I could not find them.

Because I could not figure out how to create a log with Avira, I took two screenshots. I hope they help you. Almost everything is on them, too.

Have a nice evening and best regards

cosinus 02.11.2011 19:40

Quote:

Datenbank Version: 7622
You did not update Malwarebytes beforehand. Please update and run a full scan.

Quote:

-> No action taken.
The findings must be removed with Malwarebytes! Please do this now if you have not done so yet!
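
The two checks from the reply above (is the signature database current, and was every finding actually removed rather than left at "No action taken"), as an added Python example that is not part of the original thread. It assumes the German log layout of Malwarebytes' Anti-Malware 1.51 as posted later in this thread; `current_db_version` is supplied by the caller, treating only actions that end in "successfully" as removed is an assumption, and the second sample log is constructed.

```python
import re

# Line formats of the German Malwarebytes' Anti-Malware 1.51 text log (assumed
# from the log posted in this thread; other versions/languages will differ).
DB_RE = re.compile(r"^Datenbank Version:\s*(\d+)\s*$")
COUNT_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)\s*$")    # summary line
SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*$")           # listing header
# "<object> (<detection name>) -> <action>."  The object may itself contain
# parentheses, e.g. "C:\Program Files (x86)\...".
FINDING_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


def parse_mbam_log(text):
    """Return database version, per-section summary counts and findings."""
    log = {"db_version": None, "counts": {}, "findings": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DB_RE.match(line):
            log["db_version"] = int(m.group(1))
        elif m := COUNT_RE.match(line):
            log["counts"][m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := FINDING_RE.match(line)):
            log["findings"].append({"section": section, **m.groupdict()})
    return log


def triage(text, current_db_version):
    """List the reasons a helper would ask for another scan or cleanup run."""
    log = parse_mbam_log(text)
    issues = []
    db = log["db_version"]
    if db is None:
        issues.append("no database version found in log")
    elif db < current_db_version:
        issues.append(f"database version {db} is older than "
                      f"{current_db_version}: update, then rerun the full scan")
    for f in log["findings"]:
        # Assumption: only "... successfully" counts as remediated.
        if not f["action"].lower().endswith("successfully"):
            issues.append(f"not removed: {f['object']} ({f['name']}) "
                          f"-> {f['action']}")
    for section, expected in log["counts"].items():
        listed = sum(1 for f in log["findings"] if f["section"] == section)
        if listed != expected:
            issues.append(f"{section}: summary says {expected}, "
                          f"log lists {listed} (truncated log?)")
    return issues


# Abridged from the log posted later in this thread.
PAGE_LOG = r"""
Datenbank Version: 8077

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

# Constructed sample: only the database version 7622 and the action text
# "No action taken" come from the thread; objects and names are placeholders.
CONSTRUCTED_OLD_LOG = r"""
Datenbank Version: 7622

Infizierte Registrierungsschlüssel: 1
Infizierte Dateien: 1

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ExampleKey (Example.Detection) -> No action taken.

Infizierte Dateien:
C:\Program Files (x86)\Example\example.dll (Example.Detection) -> No action taken.
"""

if __name__ == "__main__":
    for label, text in (("later log", PAGE_LOG), ("older log", CONSTRUCTED_OLD_LOG)):
        print(label, triage(text, current_db_version=8077) or "nothing to follow up")
```
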

sternchen222 03.11.2011 21:16

Hello cosinus,

here is the new Malwarebytes log; this time I was also able to remove the findings.

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8077

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

03.11.2011 21:07:43
mbam-log-2011-11-03 (21-07-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 369675
Laufzeit: 1 Stunde(n), 31 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I did not get an Extras log from the last OTL scan. I had already run OTL once before that, only I noticed afterwards that I had not closed all programs. During that scan, however, an Extras file was saved. I am attaching that as well.

Code:

OTL Extras logfile created on: 29.10.2011 21:21:13 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\So\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,44 Gb Available Physical Memory | 25,38% Memory free
4,70 Gb Paging File | 2,88 Gb Available in Paging File | 61,16% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 77,02 Gb Total Space | 18,35 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive D: | 72,03 Gb Total Space | 38,28 Gb Free Space | 53,14% Space Free | Partition Type: NTFS
Drive E: | 29,95 Gb Total Space | 24,33 Gb Free Space | 81,26% Space Free | Partition Type: FAT32
Drive F: | 44,52 Gb Total Space | 39,13 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
Drive I: | 465,65 Gb Total Space | 300,63 Gb Free Space | 64,56% Space Free | Partition Type: FAT32
 
Computer Name: PCSO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 5B 58 63 BF B9 E1 C8 01  [binary data]
"VistaSp2" = C8 4D 26 5D 77 23 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2118127535-916424629-4213236669-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021795EB-81EC-407D-9DF0-E70996D5E22E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A4BD74B-C4D9-446D-9AE6-07960038A7DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{0ACB1E45-F3D5-45C0-AA7E-DE42E38E1C23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C3EC31F-0B28-4B74-9F6D-6F56D84E596B}" = rport=137 | protocol=17 | dir=out | app=system |
"{19B54CDD-7FAC-46FC-8188-0E435F7C3F55}" = rport=138 | protocol=17 | dir=out | app=system |
"{2EE2763B-3FDE-4BFE-8275-F13DD8A2A906}" = rport=445 | protocol=6 | dir=out | app=system |
"{458BF1F7-B839-42B9-BBD6-91585D478F0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48B4B075-1BB3-4197-8C6B-CAC31F89A2ED}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{51720420-B885-45D4-B5D7-53A642C63E6B}" = rport=139 | protocol=6 | dir=out | app=system |
"{5423E9AD-962B-4C42-84BB-4F72AA1C1691}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{570834E7-0FF2-454E-8222-FD0841EF6936}" = lport=137 | protocol=17 | dir=in | app=system |
"{57D29779-5DFB-460B-8811-9555977CABEE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5B31DB6A-5609-4FCE-B5B6-FD4DA7FA26BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{600E4BFD-80EB-48CB-845C-592821FEF389}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62A09606-0540-4676-8923-1C87AAB827F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A678C4F-2216-4D45-B0BD-FF93D2743030}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78BD6815-396C-47A5-A500-F58D43B60784}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89FE74BA-6728-4AF5-8DEF-7F36C5B9C011}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C6BBB5E-D13F-4850-AE6A-FDAB8C9C0745}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D6F4F7-0D76-48D5-A70D-6BDD4D67FE08}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCF966DF-A9B9-4E76-9380-25915896E4A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0A49C04-5685-449B-B986-E7C5D3FA5044}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CCB190B7-0FB5-4E68-9566-8D358F2F6ACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D9CE5C56-C93D-4734-B937-BE7696901755}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DAA1D14C-679F-41E0-8508-3801BBC84BCE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC05199A-D33F-4C03-BE9C-86D83342FCB1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F268D66A-2048-4DEF-879D-63001C3CA664}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04670F03-1E49-40D7-AB1E-9F4ECB050C85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0761EC0A-7562-46D8-86DB-E4ED7EB685DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe |
"{09900AF7-6DD6-407D-8357-A27F59631F5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13883946-5FE4-4E42-BA12-4B62512B6D46}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{18E751CF-DCCE-4C40-96A2-B048EA86186D}" = protocol=17 | dir=in | app=d:\downloads1\3gpconvertersetup.exe |
"{271FB02D-9D53-47A3-9878-1195FA11E85F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DAADADB-4F98-443D-9541-6331CECB513D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40EFA562-35F2-477F-AE75-18F3548CDB11}" = protocol=17 | dir=in | app=e:\datein\videotomp3setup.exe |
"{442E7DDC-EA20-4CD9-885E-2493FB09A494}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe |
"{51020141-49FA-4847-ACDD-C133E88CFBAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51194E55-777C-4CBB-9DF1-234AD63D437D}" = protocol=6 | dir=in | app=d:\downloads1\3gpconvertersetup.exe |
"{531F781A-D180-4140-97CA-8244B2943DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe |
"{55F34907-EE3A-45B9-BAD3-A5E8685A3329}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B906C24-5589-47C8-B885-7481D6E94D42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70364E01-6973-4268-BE42-87D47CB19DB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79DF2E7F-1A95-4845-853F-11ADA79CE5AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{879CCDC6-099D-4869-BB73-48DBE65B54E0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{890FC08E-DF44-43E2-9E61-C5D6D039DFCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{894B4EF3-10EB-480E-93B3-095FB8607B03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92CE9962-50A7-42FF-93FE-50321D93C8AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D5A044A-63AF-4B06-A957-4D1BDC38F969}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9ED7E567-2DC5-4F77-8D9B-0695ABC00C5B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A27D6188-E2AD-4AE4-B7B4-E336B90DC42A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nicknaeck\counter-strike source\hl2.exe |
"{B5491A4E-6FD1-43A3-92D2-2F7AC7863879}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8276490-4060-48E4-B260-DA96172ABA49}" = protocol=6 | dir=out | app=system |
"{BC65ABA5-AAED-4A36-8B91-9A9013C3FB34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6F01717-37A0-41DF-AEF6-E1144CF827A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C90A92AF-BE45-4BE9-B669-BA9D20D075C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D167E20C-DA9D-464A-96DC-EA2B95056C03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D606405B-4F26-41A2-8BBA-5D1C4FEABA31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6CE066B-A1E6-4944-B31D-9B4A7AD9B3B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAC96FCA-DE1E-437D-AD6C-FD6190769372}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E522A3F1-2D90-479B-B927-DD360992CE2E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F857B3A7-3423-4B72-9F9A-30913F5750FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCA90AD9-F47A-41E0-857C-441CD3108AE9}" = protocol=6 | dir=in | app=e:\datein\videotomp3setup.exe |
"TCP Query User{16D4877F-2515-40C7-8A1B-8FBA0617AFB1}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{4B755E65-9535-45EA-B722-634F13064412}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe |
"TCP Query User{546094A7-859A-424F-9796-7AB130550B2B}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{D83318E6-A38D-4427-81F3-BF08FD8FAB9C}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe |
"UDP Query User{3A45EF18-E234-46F6-BC63-AAF17AE38013}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{91C5241C-C7CD-4042-A66A-79C9C5E9BEFA}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe |
"UDP Query User{9C5687FD-281F-4A45-BD71-A704F7DC5636}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{BDF836C7-656B-4386-8885-72C6D8EFEF9E}C:\users\so\appdata\roaming\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\so\appdata\roaming\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VistaFirewallControl (x64)_is1" = VistaFirewallControl 1.0.7.134
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GoldWave v5.06" = GoldWave v5.06
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Revo Uninstaller" = Revo Uninstaller 1.83
"SpeedCommander 9" = SpeedCommander 9
"Steam App 240" = Counter-Strike: Source
"SystemInfo_is1" = SystemInfo 1.0.1.7
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.11
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2009 10:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 11:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 12:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 13:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 14:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 15:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 16:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 17:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 18:03:25 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
Error - 29.12.2009 19:03:26 | Computer Name = PCSo | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 27.10.2011 07:52:01 | Computer Name = PCSo | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 27.10.2011 07:53:12 | Computer Name = PCSo | Source = Service Control Manager | ID = 7009
Description =
 
Error - 27.10.2011 07:53:12 | Computer Name = PCSo | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.10.2011 07:53:12 | Computer Name = PCSo | Source = Service Control Manager | ID = 7026
Description =
 
Error - 29.10.2011 08:55:36 | Computer Name = PCSo | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 29.10.2011 08:55:37 | Computer Name = PCSo | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =
 
Error - 29.10.2011 08:56:18 | Computer Name = PCSo | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 29.10.2011 08:57:31 | Computer Name = PCSo | Source = Service Control Manager | ID = 7009
Description =
 
Error - 29.10.2011 08:57:31 | Computer Name = PCSo | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.10.2011 08:57:31 | Computer Name = PCSo | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

Best regards

cosinus 03.11.2011 21:55

Please run ESET as well, then we'll see where to go from there:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


sternchen222 04.11.2011 18:06

Here is the ESET log now:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetesets_scanner_update returned -1 esets_gle=41217
ESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=61a20685c68efc4c901515db5d12454d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-04 05:04:01
# local_time=2011-11-04 06:04:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 5543 95322805 77832 0
# compatibility_mode=5892 16776573 100 56 4926 157950147 0 0
# compatibility_mode=8192 67108863 100 0 5023 5023 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0


cosinus 04.11.2011 19:41

Please create a new OTL log.

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


sternchen222 04.11.2011 20:10

Done! Thanks for responding so quickly here :)

Code:

OTL logfile created on: 04.11.2011 19:51:04 - Run 3
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\So\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,95% Memory free
4,70 Gb Paging File | 3,48 Gb Available in Paging File | 74,10% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 77,02 Gb Total Space | 15,07 Gb Free Space | 19,56% Space Free | Partition Type: NTFS
Drive D: | 72,03 Gb Total Space | 38,21 Gb Free Space | 53,04% Space Free | Partition Type: NTFS
Drive E: | 29,95 Gb Total Space | 23,53 Gb Free Space | 78,58% Space Free | Partition Type: FAT32
Drive F: | 44,52 Gb Total Space | 39,13 Gb Free Space | 87,88% Space Free | Partition Type: NTFS
 
Computer Name: PCSO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.21 06:41:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.21 06:41:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.24 15:15:26 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.06.04 16:44:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\So\Desktop\OTL.exe
PRC - [2010.11.15 20:02:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.04 16:44:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\So\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.19 09:00:40 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2007.03.29 13:21:16 | 000,433,152 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\VistaFirewallControl\VistaFirewallService.exe -- (VistaFirewallService)
SRV - [2011.10.15 16:08:04 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.21 06:41:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.21 06:41:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.24 15:15:26 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.21 06:41:36 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.21 06:41:36 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.29 17:22:42 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.11.11 22:40:17 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2008.01.19 08:09:56 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008.01.19 07:36:12 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008.01.19 07:36:11 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2007.12.10 14:21:56 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2007.02.20 17:28:43 | 000,144,812 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2005.01.04 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.daemon-search.com/default"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.09.03 14:11:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.25 13:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 12:10:20 | 000,000,000 | ---D | M]
 
[2009.01.10 12:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011.11.04 17:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions
[2009.08.23 13:08:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.04 23:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.04.25 12:09:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 18:37:11 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.02.26 17:22:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.22 16:41:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.26 17:22:25 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\conduit.xml
[2011.05.07 10:22:13 | 000,002,342 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icq-search.xml
[2011.09.03 14:04:19 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin-1.xml
[2011.05.13 19:13:02 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin.xml
[2011.10.12 13:00:25 | 000,002,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\speedbit.xml
[2011.05.07 10:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
[2011.09.03 14:11:31 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2011.06.25 13:14:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.10 18:37:09 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.02 10:38:32 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [VistaFirewallControl] C:\Programme\VistaFirewallControl\VistaFirewallControl.exe (Sphinx Software)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell - "" = AutoRun
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE - (Adobe Systems Incorporated)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - (Adobe Systems Incorporated)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig:64bit - StartUpReg: DXM6Patch_981116 - hkey= - key= - C:\Windows\p_981116.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ICQ Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LDM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogitechGalleryRepair - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogitechImageStudioTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LVCOMS - hkey= - key= - C:\Program Files (x86)\Common Files\Logitech\QCDriver3\LVCOMS.EXE (Logitech Inc.)
MsConfig:64bit - StartUpReg: QCDriverInstaller - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RealTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.04 17:53:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2011.11.04 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.03 19:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.03 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.27 11:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.10.12 13:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011.10.12 13:00:09 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com  Web: hxxp://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2011.10.12 13:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2007.02.07 18:13:00 | 000,369,152 | ---- | C] (NVIDIA Corporation) -- C:\Programme\NVUninst.exe
[2007.02.07 18:13:00 | 000,369,152 | ---- | C] (NVIDIA Corporation) -- C:\Programme\nvudisp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.04 19:31:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.04 19:31:50 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.04 19:11:54 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.04 17:53:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\user\Desktop\esetsmartinstaller_enu.exe
[2011.11.04 17:32:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.04 17:32:05 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.11.04 17:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.03 19:14:17 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 11:46:40 | 001,445,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.03 11:46:40 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.03 11:46:40 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.03 11:46:40 | 000,126,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.03 11:46:40 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.01 18:29:31 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.10.29 21:02:45 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2011.10.12 17:20:45 | 000,257,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.12 13:00:08 | 000,109,216 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011.10.12 13:00:08 | 000,090,784 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011.10.12 12:10:20 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
 
========== Files Created - No Company Name ==========
 
[2011.11.03 19:14:17 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.29 21:02:45 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2011.10.12 13:00:23 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011.10.12 13:00:23 | 000,090,784 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011.04.02 10:49:58 | 000,005,061 | ---- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2011.02.20 14:36:09 | 000,000,467 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.03.17 13:56:38 | 000,005,048 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.03 21:20:41 | 000,004,913 | ---- | C] () -- C:\ProgramData\mnjemahv.gza
[2010.01.03 20:54:04 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009.11.27 21:11:37 | 000,034,610 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.27 21:09:12 | 000,034,610 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.29 17:22:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2009.08.22 22:49:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.22 22:49:07 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.08.22 22:48:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.22 10:24:49 | 000,000,732 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
[2009.02.25 18:15:42 | 000,283,070 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet_nav.dat
[2009.02.25 18:15:12 | 000,000,328 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet_navps.dat
[2009.02.25 18:15:11 | 000,000,089 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet.bat
[2009.02.25 18:15:09 | 000,002,906 | ---- | C] () -- C:\Users\user\AppData\Local\vdrapet.dat
[2009.01.27 16:04:28 | 000,275,267 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb_nav.dat
[2009.01.27 16:03:57 | 000,002,905 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb.dat
[2009.01.27 16:03:57 | 000,000,311 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb_navps.dat
[2009.01.27 16:03:57 | 000,000,089 | ---- | C] () -- C:\Users\user\AppData\Local\zmrfjfb.bat
[2009.01.20 19:53:46 | 000,003,680 | ---- | C] () -- C:\Users\user\AppData\Roaming\Sys2657a.DLL
[2008.11.12 17:43:36 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.08.22 11:07:16 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.06.27 08:49:18 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.02.24 18:05:13 | 000,000,060 | ---- | C] () -- C:\Windows\mpsettings.ini
[2007.02.24 17:54:18 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2007.02.24 17:54:18 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2007.02.21 14:30:55 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2007.02.21 14:26:41 | 000,000,792 | ---- | C] () -- C:\Windows\_delis32.ini
[2007.02.21 14:25:07 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2007.02.18 17:10:19 | 000,144,812 | ---- | C] () -- C:\Windows\SysWow64\drivers\dump_wmimmc.sys
[2007.02.18 15:14:17 | 000,061,952 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.18 13:39:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.02.17 15:49:18 | 000,000,047 | ---- | C] () -- C:\Windows\wininit.ini
[2007.02.17 14:47:32 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2007.02.07 18:13:00 | 006,802,354 | ---- | C] () -- C:\Programme\NvCpl.dl_
[2007.02.07 18:13:00 | 004,976,822 | ---- | C] () -- C:\Programme\nvDispS.dl_
[2007.02.07 18:13:00 | 004,937,205 | ---- | C] () -- C:\Programme\data1.cab
[2007.02.07 18:13:00 | 004,547,123 | ---- | C] () -- C:\Programme\nvoglv64.dl_
[2007.02.07 18:13:00 | 004,478,646 | ---- | C] () -- C:\Programme\nvlddmkm.sy_
[2007.02.07 18:13:00 | 003,747,051 | ---- | C] () -- C:\Programme\nvd3dumx.dl_
[2007.02.07 18:13:00 | 003,425,576 | ---- | C] () -- C:\Programme\nvoglv32.dl_
[2007.02.07 18:13:00 | 003,167,904 | ---- | C] () -- C:\Programme\nvViTvS.dl_
[2007.02.07 18:13:00 | 003,136,116 | ---- | C] () -- C:\Programme\nvDispSR.dl_
[2007.02.07 18:13:00 | 002,787,424 | ---- | C] () -- C:\Programme\nvGameS.dl_
[2007.02.07 18:13:00 | 002,772,524 | ---- | C] () -- C:\Programme\nvd3dum.dl_
[2007.02.07 18:13:00 | 002,700,075 | ---- | C] () -- C:\Programme\nvViTvSR.dl_
[2007.02.07 18:13:00 | 001,619,145 | ---- | C] () -- C:\Programme\nvMoblSR.dl_
[2007.02.07 18:13:00 | 001,477,239 | ---- | C] () -- C:\Programme\nvwgf2umx.dl_
[2007.02.07 18:13:00 | 001,442,231 | ---- | C] () -- C:\Programme\nvwss.dl_
[2007.02.07 18:13:00 | 001,104,385 | ---- | C] () -- C:\Programme\nvGameSR.dl_
[2007.02.07 18:13:00 | 000,983,968 | ---- | C] () -- C:\Programme\nvwssr.dl_
[2007.02.07 18:13:00 | 000,940,236 | ---- | C] () -- C:\Programme\nvwgf2um.dl_
[2007.02.07 18:13:00 | 000,923,140 | ---- | C] () -- C:\Programme\nvcplui.ex_
[2007.02.07 18:13:00 | 000,729,554 | ---- | C] () -- C:\Programme\nvMoblS.dl_
[2007.02.07 18:13:00 | 000,459,544 | ---- | C] () -- C:\Programme\engine32.cab
[2007.02.07 18:13:00 | 000,435,969 | ---- | C] () -- C:\Programme\setup.ibt
[2007.02.07 18:13:00 | 000,368,989 | ---- | C] () -- C:\Programme\DPInst.ex_
[2007.02.07 18:13:00 | 000,339,712 | ---- | C] () -- C:\Programme\nvcpluir.dl_
[2007.02.07 18:13:00 | 000,247,609 | ---- | C] () -- C:\Programme\setup.inx
[2007.02.07 18:13:00 | 000,237,685 | ---- | C] () -- C:\Programme\nvdspJPN.chm
[2007.02.07 18:13:00 | 000,223,301 | ---- | C] () -- C:\Programme\nvdspKOR.chm
[2007.02.07 18:13:00 | 000,222,683 | ---- | C] () -- C:\Programme\nvdspTHA.chm
[2007.02.07 18:13:00 | 000,218,823 | ---- | C] () -- C:\Programme\nvdspELL.chm
[2007.02.07 18:13:00 | 000,218,813 | ---- | C] () -- C:\Programme\nvdspCHT.chm
[2007.02.07 18:13:00 | 000,213,815 | ---- | C] () -- C:\Programme\nvdspCHS.chm
[2007.02.07 18:13:00 | 000,210,619 | ---- | C] () -- C:\Programme\nvdspSKY.chm
[2007.02.07 18:13:00 | 000,209,771 | ---- | C] () -- C:\Programme\nvapi64.dl_
[2007.02.07 18:13:00 | 000,209,645 | ---- | C] () -- C:\Programme\nvdspRUS.chm
[2007.02.07 18:13:00 | 000,207,771 | ---- | C] () -- C:\Programme\nvdspSLV.chm
[2007.02.07 18:13:00 | 000,207,223 | ---- | C] () -- C:\Programme\nvdspHUN.chm
[2007.02.07 18:13:00 | 000,206,647 | ---- | C] () -- C:\Programme\nvdspPLK.chm
[2007.02.07 18:13:00 | 000,206,549 | ---- | C] () -- C:\Programme\nvdspHEB.chm
[2007.02.07 18:13:00 | 000,204,597 | ---- | C] () -- C:\Programme\nvdspTRK.chm
[2007.02.07 18:13:00 | 000,204,403 | ---- | C] () -- C:\Programme\nvdspCSY.chm
[2007.02.07 18:13:00 | 000,201,575 | ---- | C] () -- C:\Programme\nvdspARA.chm
[2007.02.07 18:13:00 | 000,200,469 | ---- | C] () -- C:\Programme\nvdspDEU.chm
[2007.02.07 18:13:00 | 000,199,129 | ---- | C] () -- C:\Programme\nvdspFIN.chm
[2007.02.07 18:13:00 | 000,198,663 | ---- | C] () -- C:\Programme\nvdspITA.chm
[2007.02.07 18:13:00 | 000,196,205 | ---- | C] () -- C:\Programme\nvdspNLD.chm
[2007.02.07 18:13:00 | 000,195,673 | ---- | C] () -- C:\Programme\nvdspPTG.chm
[2007.02.07 18:13:00 | 000,195,361 | ---- | C] () -- C:\Programme\nvdspPTB.chm
[2007.02.07 18:13:00 | 000,193,581 | ---- | C] () -- C:\Programme\nvdspESN.chm
[2007.02.07 18:13:00 | 000,193,463 | ---- | C] () -- C:\Programme\nvdspESM.chm
[2007.02.07 18:13:00 | 000,189,993 | ---- | C] () -- C:\Programme\nvdspFRA.chm
[2007.02.07 18:13:00 | 000,188,933 | ---- | C] () -- C:\Programme\nvdspDAN.chm
[2007.02.07 18:13:00 | 000,187,583 | ---- | C] () -- C:\Programme\nvdspSVE.chm
[2007.02.07 18:13:00 | 000,187,317 | ---- | C] () -- C:\Programme\nvdspNOR.chm
[2007.02.07 18:13:00 | 000,182,726 | ---- | C] () -- C:\Programme\nvdspENG.chm
[2007.02.07 18:13:00 | 000,180,024 | ---- | C] () -- C:\Programme\nvexpbar.dl_
[2007.02.07 18:13:00 | 000,179,765 | ---- | C] () -- C:\Programme\nvmccs.dl_
[2007.02.07 18:13:00 | 000,176,756 | ---- | C] () -- C:\Programme\setup.bmp
[2007.02.07 18:13:00 | 000,174,806 | ---- | C] () -- C:\Programme\nvwks.chm
[2007.02.07 18:13:00 | 000,167,166 | ---- | C] () -- C:\Programme\nvMccsSR.dl_
[2007.02.07 18:13:00 | 000,165,141 | ---- | C] () -- C:\Programme\nvdsp.chm
[2007.02.07 18:13:00 | 000,150,523 | ---- | C] () -- C:\Programme\nvapi.dl_
[2007.02.07 18:13:00 | 000,144,702 | ---- | C] () -- C:\Programme\nvMccsS.dl_
[2007.02.07 18:13:00 | 000,121,583 | ---- | C] () -- C:\Programme\nv3dJPN.chm
[2007.02.07 18:13:00 | 000,118,515 | ---- | C] () -- C:\Programme\nvcpl.chm
[2007.02.07 18:13:00 | 000,116,419 | ---- | C] () -- C:\Programme\nv3dTHA.chm
[2007.02.07 18:13:00 | 000,114,785 | ---- | C] () -- C:\Programme\nv3dKOR.chm
[2007.02.07 18:13:00 | 000,112,929 | ---- | C] () -- C:\Programme\nv3dELL.chm
[2007.02.07 18:13:00 | 000,112,507 | ---- | C] () -- C:\Programme\nv3dCHT.chm
[2007.02.07 18:13:00 | 000,112,329 | ---- | C] () -- C:\Programme\nvcpljpn.chm
[2007.02.07 18:13:00 | 000,111,801 | ---- | C] () -- C:\Programme\nv3dHEB.chm
[2007.02.07 18:13:00 | 000,111,149 | ---- | C] () -- C:\Programme\nvcpltha.chm
[2007.02.07 18:13:00 | 000,110,855 | ---- | C] () -- C:\Programme\nv3dPLK.chm
[2007.02.07 18:13:00 | 000,110,495 | ---- | C] () -- C:\Programme\nvcplell.chm
[2007.02.07 18:13:00 | 000,110,193 | ---- | C] () -- C:\Programme\nv3dARA.chm
[2007.02.07 18:13:00 | 000,109,903 | ---- | C] () -- C:\Programme\nv3dTRK.chm
[2007.02.07 18:13:00 | 000,109,697 | ---- | C] () -- C:\Programme\nv3dSKY.chm
[2007.02.07 18:13:00 | 000,109,653 | ---- | C] () -- C:\Programme\nvcplplk.chm
[2007.02.07 18:13:00 | 000,109,511 | ---- | C] () -- C:\Programme\nvcpltrk.chm
[2007.02.07 18:13:00 | 000,109,375 | ---- | C] () -- C:\Programme\nvcplslv.chm
[2007.02.07 18:13:00 | 000,109,255 | ---- | C] () -- C:\Programme\nv3dRUS.chm
[2007.02.07 18:13:00 | 000,109,143 | ---- | C] () -- C:\Programme\nvcplsky.chm
[2007.02.07 18:13:00 | 000,108,949 | ---- | C] () -- C:\Programme\nvcplheb.chm
[2007.02.07 18:13:00 | 000,108,949 | ---- | C] () -- C:\Programme\nvcplfin.chm
[2007.02.07 18:13:00 | 000,108,857 | ---- | C] () -- C:\Programme\nv3dCHS.chm
[2007.02.07 18:13:00 | 000,108,793 | ---- | C] () -- C:\Programme\nvcplhun.chm
[2007.02.07 18:13:00 | 000,108,619 | ---- | C] () -- C:\Programme\nv3dESN.chm
[2007.02.07 18:13:00 | 000,108,587 | ---- | C] () -- C:\Programme\nvcplkor.chm
[2007.02.07 18:13:00 | 000,108,497 | ---- | C] () -- C:\Programme\nvcplcsy.chm
[2007.02.07 18:13:00 | 000,108,491 | ---- | C] () -- C:\Programme\nvcplrus.chm
[2007.02.07 18:13:00 | 000,108,161 | ---- | C] () -- C:\Programme\nv3dDEU.chm
[2007.02.07 18:13:00 | 000,108,159 | ---- | C] () -- C:\Programme\nvcplcht.chm
[2007.02.07 18:13:00 | 000,107,901 | ---- | C] () -- C:\Programme\nv3dCSY.chm
[2007.02.07 18:13:00 | 000,107,787 | ---- | C] () -- C:\Programme\nvcplara.chm
[2007.02.07 18:13:00 | 000,107,715 | ---- | C] () -- C:\Programme\nvcplesn.chm
[2007.02.07 18:13:00 | 000,107,513 | ---- | C] () -- C:\Programme\nv3dSLV.chm
[2007.02.07 18:13:00 | 000,107,365 | ---- | C] () -- C:\Programme\nvcplita.chm
[2007.02.07 18:13:00 | 000,107,051 | ---- | C] () -- C:\Programme\nv3dESM.chm
[2007.02.07 18:13:00 | 000,106,941 | ---- | C] () -- C:\Programme\nvcplchs.chm
[2007.02.07 18:13:00 | 000,106,877 | ---- | C] () -- C:\Programme\nv3dHUN.chm
[2007.02.07 18:13:00 | 000,106,659 | ---- | C] () -- C:\Programme\nvcplptg.chm
[2007.02.07 18:13:00 | 000,106,571 | ---- | C] () -- C:\Programme\nvcplptb.chm
[2007.02.07 18:13:00 | 000,106,513 | ---- | C] () -- C:\Programme\nvcpldeu.chm
[2007.02.07 18:13:00 | 000,106,245 | ---- | C] () -- C:\Programme\nvcplesm.chm
[2007.02.07 18:13:00 | 000,106,081 | ---- | C] () -- C:\Programme\nv3dFIN.chm
[2007.02.07 18:13:00 | 000,105,249 | ---- | C] () -- C:\Programme\nvcplsve.chm
[2007.02.07 18:13:00 | 000,105,211 | ---- | C] () -- C:\Programme\nvcplnld.chm
[2007.02.07 18:13:00 | 000,105,121 | ---- | C] () -- C:\Programme\nvcplfra.chm
[2007.02.07 18:13:00 | 000,105,025 | ---- | C] () -- C:\Programme\nvcplnor.chm
[2007.02.07 18:13:00 | 000,104,809 | ---- | C] () -- C:\Programme\nvcpldan.chm
[2007.02.07 18:13:00 | 000,104,399 | ---- | C] () -- C:\Programme\nv3dITA.chm
[2007.02.07 18:13:00 | 000,104,183 | ---- | C] () -- C:\Programme\nvcpleng.chm
[2007.02.07 18:13:00 | 000,102,981 | ---- | C] () -- C:\Programme\nv3dPTG.chm
[2007.02.07 18:13:00 | 000,102,633 | ---- | C] () -- C:\Programme\nv3dPTB.chm
[2007.02.07 18:13:00 | 000,102,439 | ---- | C] () -- C:\Programme\nv3dDAN.chm
[2007.02.07 18:13:00 | 000,102,065 | ---- | C] () -- C:\Programme\nv3dNLD.chm
[2007.02.07 18:13:00 | 000,101,943 | ---- | C] () -- C:\Programme\nv3dSVE.chm
[2007.02.07 18:13:00 | 000,101,863 | ---- | C] () -- C:\Programme\nv3dFRA.chm
[2007.02.07 18:13:00 | 000,100,923 | ---- | C] () -- C:\Programme\nv3dNOR.chm
[2007.02.07 18:13:00 | 000,099,167 | ---- | C] () -- C:\Programme\nv3dENG.chm
[2007.02.07 18:13:00 | 000,095,638 | ---- | C] () -- C:\Programme\NvColor.ex_
[2007.02.07 18:13:00 | 000,090,934 | ---- | C] () -- C:\Programme\nv3d.chm
[2007.02.07 18:13:00 | 000,068,593 | ---- | C] () -- C:\Programme\setup.skin
[2007.02.07 18:13:00 | 000,060,169 | ---- | C] () -- C:\Programme\nvmobJPN.chm
[2007.02.07 18:13:00 | 000,058,989 | ---- | C] () -- C:\Programme\nvmobKOR.chm
[2007.02.07 18:13:00 | 000,058,989 | ---- | C] () -- C:\Programme\nvmobCHT.chm
[2007.02.07 18:13:00 | 000,058,975 | ---- | C] () -- C:\Programme\nvmobTHA.chm
[2007.02.07 18:13:00 | 000,058,433 | ---- | C] () -- C:\Programme\nvmobELL.chm
[2007.02.07 18:13:00 | 000,058,265 | ---- | C] () -- C:\Programme\nvmobHEB.chm
[2007.02.07 18:13:00 | 000,058,009 | ---- | C] () -- C:\Programme\nvmobCHS.chm
[2007.02.07 18:13:00 | 000,057,505 | ---- | C] () -- C:\Programme\nvmobPLK.chm
[2007.02.07 18:13:00 | 000,057,271 | ---- | C] () -- C:\Programme\nvmobARA.chm
[2007.02.07 18:13:00 | 000,057,135 | ---- | C] () -- C:\Programme\nvmobHUN.chm
[2007.02.07 18:13:00 | 000,057,085 | ---- | C] () -- C:\Programme\nvmobTRK.chm
[2007.02.07 18:13:00 | 000,057,065 | ---- | C] () -- C:\Programme\nvmobRUS.chm
[2007.02.07 18:13:00 | 000,057,003 | ---- | C] () -- C:\Programme\nvmobSKY.chm
[2007.02.07 18:13:00 | 000,056,769 | ---- | C] () -- C:\Programme\nvmobSLV.chm
[2007.02.07 18:13:00 | 000,056,641 | ---- | C] () -- C:\Programme\nvmobFIN.chm
[2007.02.07 18:13:00 | 000,056,411 | ---- | C] () -- C:\Programme\nvmobCSY.chm
[2007.02.07 18:13:00 | 000,055,905 | ---- | C] () -- C:\Programme\nvmobITA.chm
[2007.02.07 18:13:00 | 000,055,873 | ---- | C] () -- C:\Programme\nvmobDEU.chm
[2007.02.07 18:13:00 | 000,055,639 | ---- | C] () -- C:\Programme\nvmobPTG.chm
[2007.02.07 18:13:00 | 000,055,539 | ---- | C] () -- C:\Programme\nvmobESM.chm
[2007.02.07 18:13:00 | 000,055,527 | ---- | C] () -- C:\Programme\nvmobESN.chm
[2007.02.07 18:13:00 | 000,055,457 | ---- | C] () -- C:\Programme\nvmobNLD.chm
[2007.02.07 18:13:00 | 000,055,387 | ---- | C] () -- C:\Programme\nvmobSVE.chm
[2007.02.07 18:13:00 | 000,055,351 | ---- | C] () -- C:\Programme\nvmobPTB.chm
[2007.02.07 18:13:00 | 000,055,343 | ---- | C] () -- C:\Programme\nvmobFRA.chm
[2007.02.07 18:13:00 | 000,055,235 | ---- | C] () -- C:\Programme\nvmobNOR.chm
[2007.02.07 18:13:00 | 000,055,183 | ---- | C] () -- C:\Programme\nvmobDAN.chm
[2007.02.07 18:13:00 | 000,054,994 | ---- | C] () -- C:\Programme\nvmob.chm
[2007.02.07 18:13:00 | 000,054,939 | ---- | C] () -- C:\Programme\nvmobENG.chm
[2007.02.07 18:13:00 | 000,038,693 | ---- | C] () -- C:\Programme\NvMCTray.dl_
[2007.02.07 18:13:00 | 000,036,075 | ---- | C] () -- C:\Programme\nvcpl.cp_
[2007.02.07 18:13:00 | 000,035,171 | ---- | C] () -- C:\Programme\nv_disp.inf
[2007.02.07 18:13:00 | 000,033,121 | ---- | C] () -- C:\Programme\nvsvc64.dl_
[2007.02.07 18:13:00 | 000,029,080 | ---- | C] () -- C:\Programme\data1.hdr
[2007.02.07 18:13:00 | 000,025,008 | ---- | C] () -- C:\Programme\NvApps.xm_
[2007.02.07 18:13:00 | 000,011,089 | ---- | C] () -- C:\Programme\NvwsApps.xm_
[2007.02.07 18:13:00 | 000,007,772 | ---- | C] () -- C:\Programme\nvmccsrs.dl_
[2007.02.07 18:13:00 | 000,003,411 | ---- | C] () -- C:\Programme\nvdisp.nvu
[2007.02.07 18:13:00 | 000,000,862 | ---- | C] () -- C:\Programme\setup.ini
[2007.02.07 18:13:00 | 000,000,512 | ---- | C] () -- C:\Programme\data2.cab
[2007.02.07 18:13:00 | 000,000,510 | ---- | C] () -- C:\Programme\layout.bin
[2007.02.07 18:13:00 | 000,000,431 | ---- | C] () -- C:\Programme\setup.iss
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.05.09 05:32:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.19 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2010.01.08 22:07:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLVPlayer4Free
[2010.01.09 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFLVConverter
[2010.12.12 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Neoretix
[2010.03.22 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010.03.22 11:52:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Setup
[2011.11.03 21:46:38 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.02.01 13:07:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2011.04.03 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avira
[2009.03.17 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DivX
[2011.05.09 05:32:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.19 13:30:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2010.01.08 22:07:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FLVPlayer4Free
[2010.01.09 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFLVConverter
[2007.02.17 15:58:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2011.04.03 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2011.03.01 16:59:13 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2009.01.10 12:52:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2010.12.12 18:32:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Neoretix
[2007.02.17 15:38:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org2
[2010.03.22 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010.03.22 11:52:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Setup
[2007.02.20 20:01:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\teamspeak2
[2007.02.17 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
[2009.01.14 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.03.22 11:56:12 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2010.11.16 20:55:32 | 002,596,864 | ---- | M] (Neoretix Laboratory) -- C:\Users\user\AppData\Roaming\Neoretix\TubeHunter Ultra\TubeHunter.exe
[2010.03.22 11:53:42 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Users\user\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 13:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 09:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.07 13:29:17 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 09:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.03.07 13:29:17 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 12:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 09:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 12:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 13:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 09:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 12:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 09:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 10:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.04.04 19:02:17 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 09:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 08:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.04.04 19:02:17 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.04.04 19:02:19 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 12:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.04.04 19:02:18 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 12:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 09:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 09:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 12:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 09:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 12:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.19 07:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 10:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


cosinus 04.11.2011 20:30

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Speedbit Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..browser.search.order.1: "Speedbit Search"
FF - prefs.js..keyword.URL: "http://search.speedbit.com/search.aspx?aff=grbr_0&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/default"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
[2011.04.25 12:09:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 18:37:11 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.02.26 17:22:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.22 16:41:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.26 17:22:25 | 000,000,873 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\conduit.xml
[2011.05.07 10:22:13 | 000,002,342 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icq-search.xml
[2011.09.03 14:04:19 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin-1.xml
[2011.05.13 19:13:02 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin.xml
[2011.10.12 13:00:25 | 000,002,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\speedbit.xml
[2010.06.10 18:37:09 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell - "" = AutoRun
O33 - MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\Shell\AutoRun\command - "" = I:\AutoRun.exe
[2011.10.12 13:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011.10.12 13:00:09 | 000,172,032 | ---- | C] (Jin Hui    E-mail: jinhui@jcomsoft.com  Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx
[2011.10.12 13:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2011.04.02 10:49:58 | 000,005,061 | ---- | C] () -- C:\ProgramData\jdhdxjyu.jga
[2010.03.17 13:56:38 | 000,005,048 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.03 21:20:41 | 000,004,913 | ---- | C] () -- C:\ProgramData\mnjemahv.gza
[2010.01.03 20:54:04 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

sternchen222 04.11.2011 20:50

The restart has taken place. Crazy, 3.8 GB were removed? :eek:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Speedbit Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q=" removed from browser.search.defaulturl
Prefs.js: "Speedbit Search" removed from browser.search.order.1
Prefs.js: "hxxp://search.speedbit.com/search.aspx?aff=grbr_0&q=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "DAEMON Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://www.daemon-search.com/default" removed from browser.startup.homepage
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\7yhd92ub.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\conduit.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icq-search.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7yhd92ub.default\searchplugins\speedbit.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E718888-423F-11D2-876E-00A0C9082467} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}\ deleted successfully.
C:\Users\user\AppData\Local\CDRunner\MSDXM.ocx moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{060a9c05-b08d-11dd-baf3-00138ffc017b}\ not found.
File I:\AutoRun.exe not found.
C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate folder moved successfully.
C:\Program Files (x86)\Common Files\SpeedBit folder moved successfully.
C:\Windows\SysWOW64\AniGIF.ocx moved successfully.
C:\ProgramData\SpeedBit folder moved successfully.
C:\ProgramData\jdhdxjyu.jga moved successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\ProgramData\mnjemahv.gza moved successfully.
C:\ProgramData\xqkcebzs.dik moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 348385 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: So
->Temp folder emptied: 36591319 bytes
->Temporary Internet Files folder emptied: 12276150 bytes
->Java cache emptied: 1080779 bytes
->FireFox cache emptied: 44135976 bytes
->Flash cache emptied: 1933940 bytes
 
User: user
->Temp folder emptied: 3670233246 bytes
->Temporary Internet Files folder emptied: 5017828 bytes
->Java cache emptied: 39504 bytes
->FireFox cache emptied: 51804629 bytes
->Flash cache emptied: 1124 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73050744 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 106334946 bytes
 
Total Files Cleaned = 3.817,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 11042011_203802

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000002FAF3A918FB3E955B8 not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 04.11.2011 21:12

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

sternchen222 04.11.2011 21:24

Code:

21:20:06.0903 3968        TDSS rootkit removing tool 2.6.15.0 Nov  3 2011 17:15:49
21:20:06.0926 3968        ============================================================
21:20:06.0926 3968        Current date / time: 2011/11/04 21:20:06.0926
21:20:06.0926 3968        SystemInfo:
21:20:06.0926 3968       
21:20:06.0927 3968        OS Version: 6.0.6002 ServicePack: 2.0
21:20:06.0927 3968        Product type: Workstation
21:20:06.0927 3968        ComputerName: PCSO
21:20:06.0927 3968        UserName: user
21:20:06.0927 3968        Windows directory: C:\Windows
21:20:06.0927 3968        System windows directory: C:\Windows
21:20:06.0927 3968        Running under WOW64
21:20:06.0927 3968        Processor architecture: Intel x64
21:20:06.0927 3968        Number of processors: 1
21:20:06.0927 3968        Page size: 0x1000
21:20:06.0927 3968        Boot type: Normal boot
21:20:06.0927 3968        ============================================================
21:20:07.0925 3968        Initialize success
21:20:50.0342 3304        ============================================================
21:20:50.0342 3304        Scan started
21:20:50.0342 3304        Mode: Manual; SigCheck; TDLFS;
21:20:50.0342 3304        ============================================================
21:20:50.0732 3304        acedrv05        (056faaff049ca7237194065423307189) C:\Windows\system32\drivers\acedrv05.sys
21:20:50.0873 3304        acedrv05 ( UnsignedFile.Multi.Generic ) - warning
21:20:50.0873 3304        acedrv05 - detected UnsignedFile.Multi.Generic (1)
21:20:50.0951 3304        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
21:20:51.0029 3304        ACPI - ok
21:20:51.0107 3304        adp94xx        (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
21:20:51.0201 3304        adp94xx - ok
21:20:51.0279 3304        adpahci        (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
21:20:51.0342 3304        adpahci - ok
21:20:51.0404 3304        adpu160m        (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
21:20:51.0420 3304        adpu160m - ok
21:20:51.0467 3304        adpu320        (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
21:20:51.0482 3304        adpu320 - ok
21:20:51.0592 3304        AFD            (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
21:20:51.0701 3304        AFD - ok
21:20:51.0764 3304        agp440          (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
21:20:51.0779 3304        agp440 - ok
21:20:51.0810 3304        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
21:20:51.0826 3304        aic78xx - ok
21:20:51.0873 3304        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
21:20:51.0873 3304        aliide - ok
21:20:51.0920 3304        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
21:20:51.0920 3304        amdide - ok
21:20:51.0967 3304        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
21:20:52.0139 3304        AmdK8 - ok
21:20:52.0248 3304        arc            (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
21:20:52.0264 3304        arc - ok
21:20:52.0295 3304        arcsas          (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
21:20:52.0310 3304        arcsas - ok
21:20:52.0373 3304        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
21:20:52.0435 3304        AsyncMac - ok
21:20:52.0467 3304        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
21:20:52.0467 3304        atapi - ok
21:20:52.0545 3304        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:20:52.0639 3304        avgntflt - ok
21:20:52.0685 3304        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:20:52.0701 3304        avipbb - ok
21:20:52.0795 3304        blbdrive - ok
21:20:52.0842 3304        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
21:20:52.0889 3304        bowser - ok
21:20:52.0920 3304        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
21:20:53.0060 3304        BrFiltLo - ok
21:20:53.0123 3304        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
21:20:53.0170 3304        BrFiltUp - ok
21:20:53.0201 3304        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
21:20:53.0389 3304        Brserid - ok
21:20:53.0420 3304        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
21:20:53.0498 3304        BrSerWdm - ok
21:20:53.0967 3304        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
21:20:54.0092 3304        BrUsbMdm - ok
21:20:54.0498 3304        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
21:20:54.0576 3304        BrUsbSer - ok
21:20:54.0732 3304        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
21:20:54.0842 3304        BTHMODEM - ok
21:20:54.0998 3304        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
21:20:55.0107 3304        cdfs - ok
21:20:55.0264 3304        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
21:20:55.0342 3304        cdrom - ok
21:20:55.0389 3304        circlass        (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
21:20:55.0467 3304        circlass - ok
21:20:55.0514 3304        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
21:20:55.0576 3304        CLFS - ok
21:20:55.0748 3304        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
21:20:55.0810 3304        cmdide - ok
21:20:56.0435 3304        Compbatt        (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
21:20:56.0467 3304        Compbatt - ok
21:20:56.0498 3304        crcdisk        (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
21:20:56.0514 3304        crcdisk - ok
21:20:56.0639 3304        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
21:20:56.0701 3304        DfsC - ok
21:20:56.0748 3304        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
21:20:56.0764 3304        disk - ok
21:20:56.0826 3304        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
21:20:56.0873 3304        drmkaud - ok
21:20:56.0904 3304        dump_wmimmc - ok
21:20:56.0967 3304        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
21:20:57.0045 3304        DXGKrnl - ok
21:20:57.0357 3304        E1G60          (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
21:20:57.0435 3304        E1G60 - ok
21:20:57.0717 3304        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
21:20:57.0764 3304        Ecache - ok
21:20:57.0873 3304        elxstor        (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
21:20:57.0920 3304        elxstor - ok
21:20:58.0045 3304        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
21:20:58.0092 3304        exfat - ok
21:20:58.0154 3304        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
21:20:58.0201 3304        fastfat - ok
21:20:58.0279 3304        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
21:20:58.0342 3304        fdc - ok
21:20:58.0420 3304        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
21:20:58.0467 3304        FileInfo - ok
21:20:58.0514 3304        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
21:20:58.0576 3304        Filetrace - ok
21:20:58.0654 3304        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:20:58.0701 3304        flpydisk - ok
21:20:58.0826 3304        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
21:20:58.0857 3304        FltMgr - ok
21:20:58.0951 3304        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
21:20:58.0982 3304        Fs_Rec - ok
21:20:59.0060 3304        gagp30kx        (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
21:20:59.0076 3304        gagp30kx - ok
21:20:59.0185 3304        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
21:20:59.0248 3304        HdAudAddService - ok
21:20:59.0326 3304        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:20:59.0404 3304        HDAudBus - ok
21:20:59.0545 3304        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:20:59.0639 3304        HidBth - ok
21:20:59.0842 3304        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
21:20:59.0935 3304        HidIr - ok
21:21:00.0107 3304        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
21:21:00.0170 3304        HidUsb - ok
21:21:00.0217 3304        HpCISSs        (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
21:21:00.0232 3304        HpCISSs - ok
21:21:00.0435 3304        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:21:00.0514 3304        HTTP - ok
21:21:00.0607 3304        i2omp          (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
21:21:00.0623 3304        i2omp - ok
21:21:00.0670 3304        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:21:00.0717 3304        i8042prt - ok
21:21:00.0764 3304        iaStorV        (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
21:21:00.0779 3304        iaStorV - ok
21:21:00.0842 3304        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:21:00.0857 3304        iirsp - ok
21:21:00.0920 3304        IntcAzAudAddService - ok
21:21:00.0967 3304        intelide        (36a266c673812878996f72b200203fbb) C:\Windows\system32\drivers\intelide.sys
21:21:00.0998 3304        intelide - ok
21:21:01.0029 3304        intelppm        (cd802075728e514548841dcc3f8b0220) C:\Windows\system32\DRIVERS\intelppm.sys
21:21:01.0107 3304        intelppm - ok
21:21:01.0154 3304        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:01.0201 3304        IpFilterDriver - ok
21:21:01.0217 3304        IpInIp - ok
21:21:01.0264 3304        IPMIDRV        (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
21:21:01.0326 3304        IPMIDRV - ok
21:21:01.0435 3304        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:21:01.0514 3304        IPNAT - ok
21:21:01.0654 3304        irda            (86583188c7157ffda249529423fc3e6f) C:\Windows\system32\DRIVERS\irda.sys
21:21:01.0717 3304        irda - ok
21:21:01.0764 3304        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:21:01.0810 3304        IRENUM - ok
21:21:01.0951 3304        irsir          (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
21:21:01.0998 3304        irsir - ok
21:21:02.0045 3304        isapnp          (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
21:21:02.0060 3304        isapnp - ok
21:21:02.0154 3304        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:21:02.0170 3304        iScsiPrt - ok
21:21:02.0232 3304        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:21:02.0248 3304        iteatapi - ok
21:21:02.0279 3304        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:21:02.0310 3304        iteraid - ok
21:21:02.0342 3304        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:21:02.0373 3304        kbdclass - ok
21:21:02.0467 3304        kbdhid          (2b08052372c1f0dffc31cdd6e5abc4b5) C:\Windows\system32\DRIVERS\kbdhid.sys
21:21:02.0545 3304        kbdhid - ok
21:21:02.0685 3304        KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
21:21:02.0764 3304        KSecDD - ok
21:21:02.0967 3304        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:21:03.0045 3304        ksthunk - ok
21:21:03.0139 3304        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:21:03.0201 3304        lltdio - ok
21:21:03.0264 3304        LSI_FC          (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
21:21:03.0279 3304        LSI_FC - ok
21:21:03.0310 3304        LSI_SAS        (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
21:21:03.0326 3304        LSI_SAS - ok
21:21:03.0357 3304        LSI_SCSI        (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
21:21:03.0389 3304        LSI_SCSI - ok
21:21:03.0529 3304        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:21:03.0592 3304        luafv - ok
21:21:03.0639 3304        megasas        (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
21:21:03.0654 3304        megasas - ok
21:21:03.0717 3304        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:21:03.0779 3304        Modem - ok
21:21:03.0842 3304        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:21:03.0935 3304        monitor - ok
21:21:04.0045 3304        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:21:04.0060 3304        mouclass - ok
21:21:04.0139 3304        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:21:04.0170 3304        mouhid - ok
21:21:04.0232 3304        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:21:04.0264 3304        MountMgr - ok
21:21:04.0295 3304        mpio            (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
21:21:04.0326 3304        mpio - ok
21:21:04.0389 3304        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:21:04.0435 3304        mpsdrv - ok
21:21:04.0529 3304        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:21:04.0545 3304        Mraid35x - ok
21:21:04.0576 3304        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:21:04.0639 3304        MRxDAV - ok
21:21:04.0701 3304        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:04.0748 3304        mrxsmb - ok
21:21:04.0810 3304        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:04.0873 3304        mrxsmb10 - ok
21:21:04.0935 3304        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:04.0982 3304        mrxsmb20 - ok
21:21:05.0029 3304        msahci          (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
21:21:05.0045 3304        msahci - ok
21:21:05.0092 3304        msdsm          (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
21:21:05.0107 3304        msdsm - ok
21:21:05.0170 3304        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:21:05.0217 3304        Msfs - ok
21:21:05.0389 3304        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:21:05.0404 3304        msisadrv - ok
21:21:05.0467 3304        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:21:05.0529 3304        MSKSSRV - ok
21:21:05.0560 3304        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:05.0607 3304        MSPCLOCK - ok
21:21:05.0639 3304        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:21:05.0685 3304        MSPQM - ok
21:21:05.0842 3304        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:21:05.0889 3304        MsRPC - ok
21:21:06.0014 3304        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:21:06.0029 3304        mssmbios - ok
21:21:06.0154 3304        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:21:06.0248 3304        MSTEE - ok
21:21:06.0279 3304        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:21:06.0295 3304        Mup - ok
21:21:06.0404 3304        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:21:06.0467 3304        NativeWifiP - ok
21:21:06.0576 3304        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:21:06.0607 3304        NDIS - ok
21:21:06.0764 3304        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:06.0842 3304        NdisTapi - ok
21:21:06.0873 3304        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:06.0935 3304        Ndisuio - ok
21:21:06.0998 3304        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:07.0045 3304        NdisWan - ok
21:21:07.0092 3304        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:21:07.0139 3304        NDProxy - ok
21:21:07.0279 3304        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:21:07.0357 3304        NetBIOS - ok
21:21:07.0404 3304        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:21:07.0467 3304        netbt - ok
21:21:07.0560 3304        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:21:07.0576 3304        nfrd960 - ok
21:21:07.0701 3304        npf            (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
21:21:07.0701 3304        npf - ok
21:21:07.0748 3304        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:21:07.0795 3304        Npfs - ok
21:21:07.0810 3304        NPPTNT2 - ok
21:21:07.0873 3304        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:21:07.0920 3304        nsiproxy - ok
21:21:08.0045 3304        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:21:08.0139 3304        Ntfs - ok
21:21:08.0295 3304        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:21:08.0357 3304        Null - ok
21:21:08.0451 3304        NVENETFD        (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
21:21:08.0514 3304        NVENETFD - ok
21:21:09.0217 3304        nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:21:09.0920 3304        nvlddmkm - ok
21:21:10.0045 3304        NVNET          (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
21:21:10.0076 3304        NVNET - ok
21:21:10.0139 3304        nvraid          (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
21:21:10.0154 3304        nvraid - ok
21:21:10.0185 3304        nvstor          (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
21:21:10.0201 3304        nvstor - ok
21:21:10.0232 3304        nvstor64        (e87e17e9fd94ee9f0dbde4b6ad882f26) C:\Windows\system32\DRIVERS\nvstor64.sys
21:21:10.0248 3304        nvstor64 - ok
21:21:10.0295 3304        nv_agp          (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
21:21:10.0310 3304        nv_agp - ok
21:21:10.0326 3304        NwlnkFlt - ok
21:21:10.0357 3304        NwlnkFwd - ok
21:21:10.0404 3304        ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
21:21:10.0467 3304        ohci1394 - ok
21:21:10.0529 3304        Parport        (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
21:21:10.0560 3304        Parport - ok
21:21:10.0607 3304        partmgr        (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
21:21:10.0623 3304        partmgr - ok
21:21:10.0670 3304        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:21:10.0701 3304        pci - ok
21:21:10.0732 3304        pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
21:21:10.0748 3304        pciide - ok
21:21:10.0779 3304        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:21:10.0810 3304        pcmcia - ok
21:21:10.0857 3304        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:21:10.0967 3304        PEAUTH - ok
21:21:11.0139 3304        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:21:11.0185 3304        PptpMiniport - ok
21:21:11.0217 3304        Processor      (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
21:21:11.0295 3304        Processor - ok
21:21:11.0373 3304        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:21:11.0404 3304        PSched - ok
21:21:11.0451 3304        ql2300          (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
21:21:11.0545 3304        ql2300 - ok
21:21:11.0592 3304        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:21:11.0607 3304        ql40xx - ok
21:21:11.0654 3304        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:21:11.0701 3304        QWAVEdrv - ok
21:21:11.0748 3304        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:21:11.0795 3304        RasAcd - ok
21:21:11.0889 3304        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:21:11.0935 3304        Rasl2tp - ok
21:21:11.0998 3304        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:21:12.0060 3304        RasPppoe - ok
21:21:12.0107 3304        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:21:12.0123 3304        RasSstp - ok
21:21:12.0170 3304        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:21:12.0217 3304        rdbss - ok
21:21:12.0264 3304        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:21:12.0295 3304        RDPCDD - ok
21:21:12.0357 3304        rdpdr          (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
21:21:12.0451 3304        rdpdr - ok
21:21:12.0498 3304        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:21:12.0545 3304        RDPENCDD - ok
21:21:12.0592 3304        RDPWD          (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
21:21:12.0639 3304        RDPWD - ok
21:21:12.0748 3304        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:21:12.0810 3304        rspndr - ok
21:21:12.0857 3304        s0016bus        (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
21:21:12.0873 3304        s0016bus - ok
21:21:12.0920 3304        s0016mdfl      (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
21:21:12.0920 3304        s0016mdfl - ok
21:21:12.0967 3304        s0016mdm        (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
21:21:12.0982 3304        s0016mdm - ok
21:21:13.0029 3304        s0016mgmt      (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
21:21:13.0045 3304        s0016mgmt - ok
21:21:13.0107 3304        s0016nd5        (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
21:21:13.0107 3304        s0016nd5 - ok
21:21:13.0139 3304        s0016obex      (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
21:21:13.0154 3304        s0016obex - ok
21:21:13.0185 3304        s0016unic      (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
21:21:13.0217 3304        s0016unic - ok
21:21:13.0295 3304        s1018bus        (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
21:21:13.0310 3304        s1018bus - ok
21:21:13.0357 3304        s1018mdfl      (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
21:21:13.0357 3304        s1018mdfl - ok
21:21:13.0404 3304        s1018mdm        (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
21:21:13.0420 3304        s1018mdm - ok
21:21:23.0060 3304        ============================================================
21:21:23.0060 3304        Scan finished
21:21:23.0060 3304        ============================================================
21:21:23.0076 0824        Detected object count: 1
21:21:23.0076 0824        Actual detected object count: 1
21:21:35.0576 0824        acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:35.0576 0824        acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 04.11.2011 21:27

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

sternchen222 04.11.2011 22:32

ComboFix did not work properly. I let the program run as described. 50 stages were shown, and in between the message "Failed to get data for "Enable LVA"" appeared twice. There was no message that a log file was being created. I do find one under C:\Combofix\, but it only has the following content:

Code:

ComboFix 11-11-04.04 - user 04.11.2011  22:00:04.1.1 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1791.809 [GMT 1:00]
ausgeführt von:: C:\Users\So\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

At the end it said that the PC should not be restarted manually. It then rebooted by itself. After I logged in, the ComboFix window opened again and jumped wildly back and forth on the screen. I waited 15 minutes to see whether anything would happen, then tried to close it. It was difficult, but it worked. Then I restarted, same problem. I ran ComboFix again, and the same thing happened again.

Do you know what went wrong here?
I see it says that Avira and Windows Defender are on. I had deactivated Avira beforehand. Even when both are off, it does not work.

Good night in advance :)


All times are WET +1. The time is now 15:19.

Copyright ©2000-2025, Trojaner-Board

