| |
| |||||||
Log-Analyse und Auswertung: Virus/Kazy.mekml.1/Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.07.2011, 14:57
| #1 |
 |  Virus/Kazy.mekml.1/ Hallo leute, brauche dringend eure hilfe, bin selbst erst 15 und habe mir soeben einen virus eingefangen, nun sind alle meine dateien unsichtbar. auf grund der ''symptome'' denk ich es handelt sich um Kazy.mekml.1. Habe das sytem darauf hin mit OTL gescannt, weiss aber jetzt nicht mehr weiter. OTL:OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.07.2011 15:28:56 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,86% Memory free 8,00 Gb Paging File | 6,40 Gb Available in Paging File | 80,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39,90 Gb Total Space | 0,50 Gb Free Space | 1,27% Space Free | Partition Type: NTFS Drive D: | 425,76 Gb Total Space | 190,32 Gb Free Space | 44,70% Space Free | Partition Type: NTFS Computer Name: BLURSCH-PC | User Name: Blursch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Programme\Mozilla\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Mozilla\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\Programme\iTunesHelper.exe (Apple Inc.) PRC - D:\Programme\steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () PRC - C:\Windows\SysWOW64\XSrvSetup.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (LVUVC64) Logitech QuickCam Fusion(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2748084462-2223017203-455614074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2748084462-2223017203-455614074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2748084462-2223017203-455614074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 35 7F FA 1F 31 CC 01 [binary data] IE - HKU\S-1-5-21-2748084462-2223017203-455614074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programme\Mozilla\components [2011.06.29 11:03:49 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programme\Mozilla\plugins [2011.05.06 22:20:07 | 000,000,000 | -H-D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\Mozilla\components [2011.06.29 11:03:49 | 000,000,000 | -H-D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\Mozilla\plugins [2011.05.06 22:20:07 | 000,000,000 | -H-D | M] [2010.01.30 22:03:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blursch\AppData\Roaming\mozilla\Extensions [2011.05.06 21:59:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blursch\AppData\Roaming\mozilla\Firefox\Profiles\qxk6sj2x.default\extensions [2010.06.25 13:38:21 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Blursch\AppData\Roaming\mozilla\Firefox\Profiles\qxk6sj2x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} File not found (No name found) -- [2011.06.19 12:42:22 | 000,000,000 | -H-D | M] (Java Console) -- D:\PROGRAMME\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2748084462-2223017203-455614074-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [iTunesHelper] D:\Programme\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] D:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2748084462-2223017203-455614074-1000..\Run: [ICQ] File not found O4 - HKU\S-1-5-21-2748084462-2223017203-455614074-1000..\Run: [rejygLBkhvvh] C:\ProgramData\rejygLBkhvvh.exe (CACE Technologies, Inc.) O4 - HKU\S-1-5-21-2748084462-2223017203-455614074-1000..\Run: [Steam] D:\Programme\steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2748084462-2223017203-455614074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Blursch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Blursch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - File not found O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\Shell - "" = AutoRun O33 - MountPoints2\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.09 15:07:56 | 000,000,000 | -H-D | C] -- D:\Documents\Simply Super Software [2011.07.09 15:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.07.09 15:00:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll [2011.07.09 15:00:52 | 000,000,000 | -H-D | C] -- C:\Users\Blursch\AppData\Roaming\Simply Super Software [2011.07.09 15:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.07.09 14:52:17 | 000,000,000 | -H-D | C] -- C:\Users\Blursch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix [2011.07.09 14:52:05 | 000,399,360 | ---- | C] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe [2011.07.09 14:42:49 | 000,491,520 | ---- | C] (CACE Technologies, Inc.) -- C:\ProgramData\rejygLBkhvvh.exe [2011.07.06 17:34:51 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.07.01 23:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.07.01 23:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011.07.01 23:16:43 | 000,000,000 | -H-D | C] -- C:\Users\Blursch\AppData\Local\Google [2011.06.29 13:18:35 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.06.29 13:18:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.06.29 13:18:31 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.06.29 13:18:31 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.06.29 13:18:31 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.06.29 13:18:31 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.06.29 13:18:30 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.06.29 13:18:30 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.06.29 13:18:30 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.06.29 13:18:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.06.29 13:18:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.06.29 13:18:30 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.06.29 13:18:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll [2011.06.29 13:18:30 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.06.29 13:18:30 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.06.29 13:18:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.06.27 19:56:08 | 000,000,000 | -H-D | C] -- C:\Users\Blursch\AppData\Roaming\vlc [2011.06.27 19:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.06.19 12:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.06.19 12:42:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.06.19 12:42:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.06.19 12:42:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.06.18 09:21:42 | 000,000,000 | -H-D | C] -- D:\Desktop\120_PANA [2011.06.15 14:40:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.06.15 14:40:41 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.06.15 14:40:41 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.06.15 14:40:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.06.15 14:40:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.06.15 14:40:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.06.15 14:40:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.06.15 14:40:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.06.15 14:40:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.06.15 14:40:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.06.15 14:40:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.06.15 14:40:40 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.06.15 14:40:40 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.06.15 14:40:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.06.15 14:38:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.06.15 14:38:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.06.15 14:38:07 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2007.08.13 18:46:00 | 000,102,912 | -H-- | C] (Albert L Faber) -- C:\Users\Blursch\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | -H-- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Blursch\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | -H-- | C] (Un4seen Developments) -- C:\Users\Blursch\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | -H-- | C] (Un4seen Developments) -- C:\Users\Blursch\AppData\Local\bass.dll [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.09 15:21:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.09 15:17:28 | 000,021,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.09 15:17:28 | 000,021,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.09 15:16:35 | 000,000,384 | ---- | M] () -- C:\ProgramData\38133496 [2011.07.09 15:13:06 | 013,885,356 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.09 15:13:06 | 004,279,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.09 15:13:06 | 003,921,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.09 15:13:06 | 003,741,450 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.09 15:13:06 | 000,005,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.09 15:08:57 | 000,000,248 | ---- | M] () -- C:\ProgramData\~38133496 [2011.07.09 15:08:57 | 000,000,200 | ---- | M] () -- C:\ProgramData\~38133496r [2011.07.09 15:07:33 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.09 15:07:32 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2011.07.09 15:07:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2011.07.09 15:07:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.09 15:07:18 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2011.07.09 14:52:24 | 000,000,557 | -H-- | M] () -- D:\Desktop\Windows 7 Fix.lnk [2011.07.09 14:52:05 | 000,399,360 | ---- | M] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe [2011.07.09 14:42:39 | 000,491,520 | ---- | M] (CACE Technologies, Inc.) -- C:\ProgramData\rejygLBkhvvh.exe [2011.07.09 00:33:10 | 000,041,963 | -H-- | M] () -- C:\Users\Blursch\.recently-used.xbel [2011.07.06 17:34:41 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011.06.30 13:17:16 | 000,000,824 | -H-- | M] () -- D:\Desktop\ICQ7.5.lnk [2011.06.30 12:42:00 | 000,399,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.06.29 19:18:11 | 000,001,762 | -H-- | M] () -- D:\Desktop\Crysis2Launcher - Verknüpfung.lnk [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.09 15:00:55 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.07.09 15:00:55 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2011.07.09 15:00:55 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.07.09 15:00:55 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.07.09 14:52:24 | 000,000,557 | -H-- | C] () -- D:\Desktop\Windows 7 Fix.lnk [2011.07.09 14:52:18 | 000,000,248 | ---- | C] () -- C:\ProgramData\~38133496 [2011.07.09 14:52:18 | 000,000,200 | ---- | C] () -- C:\ProgramData\~38133496r [2011.07.09 14:52:11 | 000,000,384 | ---- | C] () -- C:\ProgramData\38133496 [2011.07.09 00:33:10 | 000,041,963 | -H-- | C] () -- C:\Users\Blursch\.recently-used.xbel [2011.07.01 23:16:49 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.01 23:16:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.30 13:17:13 | 000,000,824 | -H-- | C] () -- D:\Desktop\ICQ7.5.lnk [2011.05.12 16:04:40 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.03.18 21:52:53 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.18 21:52:51 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.03.18 21:52:51 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.02.15 22:06:18 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2010.12.10 22:16:17 | 000,000,080 | RHS- | C] () -- C:\Windows\CT6STET.BIN [2010.11.12 19:05:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.18 14:23:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2010.05.13 15:42:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2010.04.29 17:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.04.23 18:27:00 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.04.23 18:25:55 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.03.12 19:02:37 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat [2010.03.03 16:31:49 | 000,001,461 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\RecConfig.xml [2010.02.22 20:25:31 | 000,000,045 | ---- | C] () -- C:\Windows\Caligari.ini [2010.02.11 20:33:40 | 000,652,152 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2010.02.11 20:33:40 | 000,015,347 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2010.02.01 18:51:47 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2010.02.01 18:46:04 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2010.02.01 18:33:35 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.01.30 18:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.08.27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.08.13 18:46:00 | 000,155,136 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\lame_enc.dll [2006.10.26 02:06:48 | 000,064,000 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | -H-- | C] () -- C:\Users\Blursch\AppData\Local\no23xwrapper.dll [1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\indounin.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll ========== LOP Check ========== [2011.02.27 21:20:02 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\.minecraft [2010.12.12 21:33:52 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Amazon [2010.10.18 14:23:31 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Atari [2011.06.20 20:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Audacity [2010.03.12 18:54:39 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\avidemux [2010.02.12 21:21:08 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\dBpoweramp [2011.03.22 17:10:54 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.11 17:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\FUEL Demo [2011.07.09 13:38:38 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\go [2011.07.09 00:33:10 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\gtk-2.0 [2011.07.08 14:17:35 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\ICQ [2011.02.03 21:07:16 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\inkscape [2010.10.18 14:18:15 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Leadertech [2010.11.12 21:08:19 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\MAGIX [2011.02.27 20:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\ManyCam [2010.10.01 18:26:41 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Need for Speed World [2010.01.30 21:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\OpenOffice.org [2011.07.09 15:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Simply Super Software [2010.05.21 19:05:15 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\TuneUp Software [2010.12.09 15:51:36 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Ubisoft [2010.05.28 21:53:39 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\UDC Profiles [2011.05.21 13:43:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.02.27 21:20:02 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\.minecraft [2010.02.12 21:21:08 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\AccurateRip [2010.11.17 17:27:38 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Adobe [2010.12.12 21:33:52 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Amazon [2010.08.19 21:42:22 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Apple Computer [2010.10.18 14:23:31 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Atari [2010.12.09 13:48:42 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\ATI [2011.06.20 20:47:50 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Audacity [2010.03.12 18:54:39 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\avidemux [2010.02.12 21:21:08 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\dBpoweramp [2011.03.22 17:10:54 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.11 17:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\FUEL Demo [2011.07.09 13:38:38 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\go [2010.02.22 21:06:13 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Google [2011.07.09 00:33:10 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\gtk-2.0 [2011.07.08 14:17:35 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\ICQ [2010.01.30 18:44:01 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Identities [2011.02.03 21:07:16 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\inkscape [2010.02.11 17:42:10 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\InstallShield [2010.10.18 14:18:15 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Leadertech [2010.01.30 22:06:31 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Macromedia [2010.11.12 21:08:19 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\MAGIX [2011.02.27 20:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\ManyCam [2009.07.14 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Media Center Programs [2011.01.30 19:05:35 | 000,000,000 | --SD | M] -- C:\Users\Blursch\AppData\Roaming\Microsoft [2010.01.30 22:03:02 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Mozilla [2010.10.01 18:26:41 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Need for Speed World [2010.01.30 21:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\OpenOffice.org [2011.07.09 15:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Simply Super Software [2011.07.09 15:09:43 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Skype [2011.05.28 16:30:35 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\skypePM [2010.05.21 19:05:15 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\TuneUp Software [2010.12.09 15:51:36 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\Ubisoft [2010.05.28 21:53:39 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\UDC Profiles [2011.06.27 19:58:26 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\vlc [2010.11.03 12:06:13 | 000,000,000 | -H-D | M] -- C:\Users\Blursch\AppData\Roaming\WTablet < %APPDATA%\*.exe /s > [2011.06.07 19:33:50 | 003,080,864 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Blursch\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.03.03 16:27:34 | 000,003,262 | RH-- | M] () -- C:\Users\Blursch\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe [2010.03.03 16:27:34 | 000,010,134 | RH-- | M] () -- C:\Users\Blursch\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < 5. Klicke "Scan" > < 6. 2 reporte werden erstellt: > < OTL.Txt > < Extras.Txt > < End of report > Extras:OTL Logfile:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.07.2011 15:28:56 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,86% Memory free
8,00 Gb Paging File | 6,40 Gb Available in Paging File | 80,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,90 Gb Total Space | 0,50 Gb Free Space | 1,27% Space Free | Partition Type: NTFS
Drive D: | 425,76 Gb Total Space | 190,32 Gb Free Space | 44,70% Space Free | Partition Type: NTFS
Computer Name: BLURSCH-PC | User Name: Blursch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2748084462-2223017203-455614074-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{ED066E02-C49A-D5D9-7ACD-1014EB7571D1}" = ccc-utility64
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GSview 4.9" = GSview 4.9
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pen Tablet Driver" = Bamboo
"WinGimp-2.0_is1" = GIMP 2.6.8
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}" = MAGIX Speed burnR (MSI)
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 SE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7599D727-D478-47DC-BD2E-7EC6AC2BBF21}" = FUEL Demo
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{96ED9087-7A6A-22A9-135F-901AF77474AC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C6E6B1D1-EC88-7270-3819-AA924908CFDA}" = Catalyst Control Center Graphics Previews Vista
"{C7027BD9-C90F-79C7-8CFF-8F32E2806631}" = CCC Help English
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}" = MAGIX Screenshare
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8365857-3233-E29E-65C6-6C0AB4F99622}" = Catalyst Control Center Graphics Previews Common
"{FEBC7B8D-BC69-46F7-A872-7698D03127C8}" = DiRT Demo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Caligari trueSpace7.6_is1" = Uninstall trueSpace7.6
"CCleaner" = CCleaner
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"Drumaxx" = Drumaxx
"EADM" = EA Download Manager
"FL Studio 9.8" = FL Studio 9.8
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.5
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Inkscape" = Inkscape 0.48.1
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 D" = MAGIX Music Maker 15 15.0.1.11 (D)
"MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
"MAGIX Music Maker Techno Edition 3 Trial D" = MAGIX Music Maker Techno Edition 3 Trial 5.0.0.1 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_mm17" = MAGIX Music Maker 17 Download-Version
"ManyCam" = ManyCam 2.6.30 (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Sakura" = Sakura
"Sawer" = Sawer
"SopCast" = SopCast 3.2.4
"Steam App 12840" = DiRT 2
"Steam App 12910" = Audiosurf Demo
"Steam App 13140" = America's Army 3
"TmNationsForever_is1" = TmNationsForever
"TmUnitedForever - UVME_is1" = TmUnitedForever - UVME v3.0
"TmUnitedForever_is1" = TmUnitedForever StarEdition
"Toxic Biohazard" = Toxic Biohazard
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.10
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2748084462-2223017203-455614074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.07.2011 07:42:33 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.07.2011 07:42:33 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 09.07.2011 08:29:11 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.07.2011 08:29:11 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.07.2011 08:29:11 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 09.07.2011 08:54:37 | Computer Name = Blursch-PC | Source = VSS | ID = 8194
Description =
Error - 09.07.2011 08:56:43 | Computer Name = Blursch-PC | Source = Application Hang | ID = 1002
Description = Programm 38133496.exe, Version 4.1.0.2001 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11c0 Startzeit:
01cc3e3701968564 Endzeit: 5 Anwendungspfad: C:\ProgramData\38133496.exe Berichts-ID:
Error - 09.07.2011 09:13:02 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.07.2011 09:13:02 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 09.07.2011 09:13:02 | Computer Name = Blursch-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ System Events ]
Error - 20.06.2011 08:38:53 | Computer Name = Blursch-PC | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
der Anfangsadressen verweigerte.
Error - 21.06.2011 10:02:41 | Computer Name = Blursch-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?06.?2011 um 16:01:14 unerwartet heruntergefahren.
Error - 01.07.2011 17:20:04 | Computer Name = Blursch-PC | Source = DCOM | ID = 10010
Description =
Error - 04.07.2011 09:53:28 | Computer Name = Blursch-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht vergrößert werden kann.
Error - 07.07.2011 09:59:56 | Computer Name = Blursch-PC | Source = DCOM | ID = 10005
Description =
Error - 07.07.2011 09:59:56 | Computer Name = Blursch-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 07.07.2011 09:59:56 | Computer Name = Blursch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
Error - 09.07.2011 09:06:31 | Computer Name = Blursch-PC | Source = DCOM | ID = 10005
Description =
Error - 09.07.2011 09:06:31 | Computer Name = Blursch-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 09.07.2011 09:06:31 | Computer Name = Blursch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
< End of report >
habe übrigens windows 7 64-bit. |
|
11.07.2011, 10:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Virus/Kazy.mekml.1/ Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
|
13.07.2011, 20:01
| #3 |
| | Virus/Kazy.mekml.1/ sry erstmal dass ich so spät antworte. hatte am tag meines ersten posts die schritte der anderen foren befolgt und den trojaner meiner meinung nach erfolgreich ''besiegt''. da ich heute aber erneut eine meldung bekam ( von antivir) das die datei TR/Jorik. G. gefunden wurde ( ebenfalls ein trojaner) meld ich mich nun erneut. habe also malewarebytes geupdated und nun folgenden log :
__________________Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7084 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 13.07.2011 20:55:16 mbam-log-2011-07-13 (20-55-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 461301 Laufzeit: 1 Stunde(n), 5 Minute(n), 0 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) interssanterweise wurden keine objekte gefunden, hab ich nun einen virus oder nicht ? danke schonmal im vorraus, gruß mirco |
|
13.07.2011, 20:16
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Kazy.mekml.1/ Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.07.2011, 20:36
| #5 |
| | Virus/Kazy.mekml.1/ uh ja, hab ich vergessen das müsste gewesen sein bevor ich den virus in quarantäne verschoben hab .Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 7060 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 09.07.2011 19:29:50 mbam-log-2011-07-09 (19-29-50).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 169348 Laufzeit: 1 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rejygLBkhvvh (Trojan.FakeAlert) -> Value: rejygLBkhvvh -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\rejyglbkhvvh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Blursch\AppData\Local\Temp\tmp7435.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programdata\38133496.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
|
13.07.2011, 21:00
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Kazy.mekml.1/ Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKU\S-1-5-21-2748084462-2223017203-455614074-1000..\Run: [rejygLBkhvvh] C:\ProgramData\rejygLBkhvvh.exe (CACE Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\Shell - "" = AutoRun
O33 - MountPoints2\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\Shell\AutoRun\command - "" = G:\pushinst.exe
[2011.07.09 14:52:17 | 000,000,000 | -H-D | C] -- C:\Users\Blursch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
[2011.07.09 14:52:05 | 000,399,360 | ---- | C] (CACE Technologies, Inc.) -- C:\ProgramData\38133496.exe
[2011.07.09 14:42:49 | 000,491,520 | ---- | C] (CACE Technologies, Inc.) -- C:\ProgramData\rejygLBkhvvh.exe
[2011.07.09 15:16:35 | 000,000,384 | ---- | M] () -- C:\ProgramData\38133496
[2011.07.09 15:08:57 | 000,000,248 | ---- | M] () -- C:\ProgramData\~38133496
[2011.07.09 15:08:57 | 000,000,200 | ---- | M] () -- C:\ProgramData\~38133496r
[2011.07.09 15:07:33 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.09 15:07:32 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Virus/Kazy.mekml.1/ |
|
13.07.2011, 21:28
| #7 |
| | Virus/Kazy.mekml.1/ Ist gefixt : ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2748084462-2223017203-455614074-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rejygLBkhvvh not found. File C:\ProgramData\rejygLBkhvvh.exe not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ded257ff-0dc1-11df-a33c-6cf0490b9337}\ not found. File G:\pushinst.exe not found. C:\Users\Blursch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix folder moved successfully. File C:\ProgramData\38133496.exe not found. File C:\ProgramData\rejygLBkhvvh.exe not found. C:\ProgramData\38133496 moved successfully. C:\ProgramData\~38133496 moved successfully. C:\ProgramData\~38133496r moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\gdrv.sys moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.26.1 log created on 07132011_222651 |
|
13.07.2011, 21:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Kazy.mekml.1/ Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2011, 22:02
| #9 |
| | Virus/Kazy.mekml.1/ 2011/07/13 23:00:31.0522 3396 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/13 23:00:31.0878 3396 ================================================================================ 2011/07/13 23:00:31.0878 3396 SystemInfo: 2011/07/13 23:00:31.0878 3396 2011/07/13 23:00:31.0878 3396 OS Version: 6.1.7600 ServicePack: 0.0 2011/07/13 23:00:31.0878 3396 Product type: Workstation 2011/07/13 23:00:31.0878 3396 ComputerName: BLURSCH-PC 2011/07/13 23:00:31.0879 3396 UserName: Blursch 2011/07/13 23:00:31.0879 3396 Windows directory: C:\Windows 2011/07/13 23:00:31.0879 3396 System windows directory: C:\Windows 2011/07/13 23:00:31.0879 3396 Running under WOW64 2011/07/13 23:00:31.0879 3396 Processor architecture: Intel x64 2011/07/13 23:00:31.0879 3396 Number of processors: 4 2011/07/13 23:00:31.0879 3396 Page size: 0x1000 2011/07/13 23:00:31.0879 3396 Boot type: Normal boot 2011/07/13 23:00:31.0879 3396 ================================================================================ 2011/07/13 23:00:33.0111 3396 Initialize success 2011/07/13 23:00:35.0604 0740 ================================================================================ 2011/07/13 23:00:35.0604 0740 Scan started 2011/07/13 23:00:35.0605 0740 Mode: Manual; 2011/07/13 23:00:35.0605 0740 ================================================================================ 2011/07/13 23:00:37.0588 0740 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/07/13 23:00:37.0636 0740 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/07/13 23:00:37.0658 0740 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/07/13 23:00:37.0689 0740 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/07/13 23:00:37.0720 0740 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/07/13 23:00:37.0746 0740 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/07/13 23:00:37.0807 0740 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 2011/07/13 23:00:37.0837 0740 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/07/13 23:00:37.0879 0740 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/07/13 23:00:38.0013 0740 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/07/13 23:00:38.0044 0740 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/07/13 23:00:38.0163 0740 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/07/13 23:00:38.0259 0740 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/07/13 23:00:38.0294 0740 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/07/13 23:00:38.0334 0740 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 2011/07/13 23:00:38.0361 0740 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/07/13 23:00:38.0403 0740 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 2011/07/13 23:00:38.0597 0740 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/07/13 23:00:38.0649 0740 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/07/13 23:00:38.0663 0740 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/07/13 23:00:38.0690 0740 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/13 23:00:38.0704 0740 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/07/13 23:00:38.0789 0740 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys 2011/07/13 23:00:38.0833 0740 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/07/13 23:00:38.0871 0740 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys 2011/07/13 23:00:38.0900 0740 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/07/13 23:00:38.0933 0740 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/07/13 23:00:38.0961 0740 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/07/13 23:00:39.0014 0740 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/07/13 23:00:39.0075 0740 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/13 23:00:39.0108 0740 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/07/13 23:00:39.0134 0740 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/07/13 23:00:39.0156 0740 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/07/13 23:00:39.0181 0740 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/07/13 23:00:39.0201 0740 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/07/13 23:00:39.0216 0740 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/07/13 23:00:39.0235 0740 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/13 23:00:39.0271 0740 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/13 23:00:39.0316 0740 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/13 23:00:39.0338 0740 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/07/13 23:00:39.0372 0740 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/07/13 23:00:39.0431 0740 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/13 23:00:39.0449 0740 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/07/13 23:00:39.0477 0740 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/07/13 23:00:39.0501 0740 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/13 23:00:39.0531 0740 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/07/13 23:00:39.0659 0740 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/07/13 23:00:39.0699 0740 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 2011/07/13 23:00:39.0757 0740 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 2011/07/13 23:00:39.0776 0740 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/07/13 23:00:39.0825 0740 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/07/13 23:00:39.0874 0740 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/07/13 23:00:39.0915 0740 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/13 23:00:39.0991 0740 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/07/13 23:00:40.0076 0740 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/07/13 23:00:40.0101 0740 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/07/13 23:00:40.0131 0740 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/07/13 23:00:40.0175 0740 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/07/13 23:00:40.0213 0740 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/13 23:00:40.0236 0740 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/07/13 23:00:40.0273 0740 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/07/13 23:00:40.0308 0740 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/13 23:00:40.0343 0740 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/07/13 23:00:40.0370 0740 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/07/13 23:00:40.0394 0740 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/13 23:00:40.0431 0740 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/07/13 23:00:40.0501 0740 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 2011/07/13 23:00:40.0548 0740 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/07/13 23:00:40.0590 0740 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/07/13 23:00:40.0658 0740 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys 2011/07/13 23:00:40.0697 0740 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/07/13 23:00:40.0734 0740 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/07/13 23:00:40.0781 0740 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/13 23:00:40.0805 0740 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/07/13 23:00:40.0827 0740 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/07/13 23:00:40.0845 0740 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/13 23:00:40.0906 0740 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/13 23:00:40.0927 0740 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/07/13 23:00:40.0961 0740 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/07/13 23:00:40.0991 0740 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/07/13 23:00:41.0011 0740 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/13 23:00:41.0048 0740 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 2011/07/13 23:00:41.0086 0740 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/07/13 23:00:41.0152 0740 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys 2011/07/13 23:00:41.0194 0740 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/07/13 23:00:41.0226 0740 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/13 23:00:41.0258 0740 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/13 23:00:41.0275 0740 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/07/13 23:00:41.0290 0740 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/07/13 23:00:41.0341 0740 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/07/13 23:00:41.0357 0740 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/07/13 23:00:41.0383 0740 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/13 23:00:41.0425 0740 JRAID (6ebe4832b1a7c063fdf87035afc1e3dc) C:\Windows\system32\DRIVERS\jraid.sys 2011/07/13 23:00:41.0457 0740 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/13 23:00:41.0475 0740 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/13 23:00:41.0496 0740 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/13 23:00:41.0537 0740 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/07/13 23:00:41.0558 0740 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/07/13 23:00:41.0604 0740 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/13 23:00:41.0638 0740 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/07/13 23:00:41.0659 0740 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/07/13 23:00:41.0674 0740 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/07/13 23:00:41.0690 0740 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/07/13 23:00:41.0733 0740 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/07/13 23:00:41.0809 0740 lvpopf64 (ce6e5146039d248feb991fbc9e2b6a7b) C:\Windows\system32\DRIVERS\lvpopf64.sys 2011/07/13 23:00:41.0863 0740 LVUSBS64 (6d5ea90f86f9b28cd44af6ba9be03bf9) C:\Windows\system32\drivers\LVUSBS64.sys 2011/07/13 23:00:41.0924 0740 LVUVC64 (eb12688842ede30c843a123fa6855858) C:\Windows\system32\DRIVERS\lvuvc64.sys 2011/07/13 23:00:42.0009 0740 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys 2011/07/13 23:00:42.0053 0740 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/07/13 23:00:42.0073 0740 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/07/13 23:00:42.0101 0740 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/07/13 23:00:42.0127 0740 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/13 23:00:42.0175 0740 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/13 23:00:42.0212 0740 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/13 23:00:42.0230 0740 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/07/13 23:00:42.0245 0740 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/07/13 23:00:42.0267 0740 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/13 23:00:42.0284 0740 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/07/13 23:00:42.0336 0740 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/13 23:00:42.0473 0740 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/13 23:00:42.0496 0740 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/13 23:00:42.0527 0740 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/07/13 23:00:42.0548 0740 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/07/13 23:00:42.0583 0740 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/07/13 23:00:42.0605 0740 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/07/13 23:00:42.0626 0740 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/07/13 23:00:42.0657 0740 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/13 23:00:42.0686 0740 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/13 23:00:42.0705 0740 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/07/13 23:00:42.0740 0740 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/07/13 23:00:42.0777 0740 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/13 23:00:42.0804 0740 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/07/13 23:00:42.0826 0740 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/07/13 23:00:42.0880 0740 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/07/13 23:00:42.0933 0740 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/13 23:00:42.0998 0740 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/07/13 23:00:43.0058 0740 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/07/13 23:00:43.0082 0740 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/13 23:00:43.0104 0740 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/13 23:00:43.0129 0740 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/13 23:00:43.0148 0740 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/07/13 23:00:43.0181 0740 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/13 23:00:43.0200 0740 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/13 23:00:43.0256 0740 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/07/13 23:00:43.0280 0740 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/07/13 23:00:43.0301 0740 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/13 23:00:43.0358 0740 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 2011/07/13 23:00:43.0395 0740 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/07/13 23:00:43.0418 0740 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys 2011/07/13 23:00:43.0446 0740 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys 2011/07/13 23:00:43.0481 0740 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 2011/07/13 23:00:43.0516 0740 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 2011/07/13 23:00:43.0548 0740 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/07/13 23:00:43.0571 0740 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/13 23:00:43.0601 0740 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/07/13 23:00:43.0620 0740 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/07/13 23:00:43.0645 0740 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/07/13 23:00:43.0660 0740 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/07/13 23:00:43.0692 0740 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/13 23:00:43.0715 0740 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/07/13 23:00:43.0745 0740 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/07/13 23:00:43.0851 0740 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/13 23:00:43.0867 0740 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/07/13 23:00:43.0906 0740 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/13 23:00:43.0960 0740 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/07/13 23:00:43.0987 0740 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/07/13 23:00:44.0016 0740 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/13 23:00:44.0049 0740 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/13 23:00:44.0086 0740 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/07/13 23:00:44.0106 0740 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/13 23:00:44.0130 0740 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/13 23:00:44.0151 0740 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/13 23:00:44.0174 0740 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/13 23:00:44.0198 0740 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/07/13 23:00:44.0212 0740 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/13 23:00:44.0238 0740 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2011/07/13 23:00:44.0265 0740 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/13 23:00:44.0286 0740 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/07/13 23:00:44.0308 0740 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/07/13 23:00:44.0356 0740 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/07/13 23:00:44.0416 0740 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/13 23:00:44.0459 0740 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys 2011/07/13 23:00:44.0515 0740 RTL8167 (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/07/13 23:00:44.0550 0740 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/07/13 23:00:44.0579 0740 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/07/13 23:00:44.0601 0740 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/07/13 23:00:44.0628 0740 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/07/13 23:00:44.0660 0740 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/13 23:00:44.0679 0740 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/07/13 23:00:44.0703 0740 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/07/13 23:00:44.0732 0740 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/07/13 23:00:44.0749 0740 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/07/13 23:00:44.0761 0740 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/07/13 23:00:44.0778 0740 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/13 23:00:44.0819 0740 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/07/13 23:00:44.0846 0740 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/07/13 23:00:44.0860 0740 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/07/13 23:00:44.0897 0740 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/07/13 23:00:44.0942 0740 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 2011/07/13 23:00:44.0974 0740 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/13 23:00:45.0021 0740 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/13 23:00:45.0075 0740 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/07/13 23:00:45.0112 0740 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/07/13 23:00:45.0134 0740 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2011/07/13 23:00:45.0150 0740 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/13 23:00:45.0230 0740 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys 2011/07/13 23:00:45.0291 0740 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/13 23:00:45.0325 0740 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/13 23:00:45.0346 0740 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/07/13 23:00:45.0371 0740 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/07/13 23:00:45.0394 0740 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/13 23:00:45.0417 0740 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/13 23:00:45.0489 0740 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/13 23:00:45.0520 0740 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/13 23:00:45.0552 0740 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/07/13 23:00:45.0574 0740 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/13 23:00:45.0619 0740 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/07/13 23:00:45.0657 0740 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/13 23:00:45.0691 0740 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/13 23:00:45.0737 0740 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 2011/07/13 23:00:45.0780 0740 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/13 23:00:45.0812 0740 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/07/13 23:00:45.0848 0740 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/13 23:00:45.0893 0740 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/13 23:00:45.0930 0740 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 2011/07/13 23:00:45.0962 0740 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/13 23:00:46.0006 0740 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/13 23:00:46.0039 0740 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/13 23:00:46.0076 0740 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 2011/07/13 23:00:46.0114 0740 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/07/13 23:00:46.0161 0740 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/13 23:00:46.0182 0740 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/07/13 23:00:46.0205 0740 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/07/13 23:00:46.0228 0740 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/07/13 23:00:46.0254 0740 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/07/13 23:00:46.0289 0740 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/07/13 23:00:46.0307 0740 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/07/13 23:00:46.0333 0740 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/07/13 23:00:46.0363 0740 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/07/13 23:00:46.0404 0740 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/07/13 23:00:46.0433 0740 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/07/13 23:00:46.0486 0740 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys 2011/07/13 23:00:46.0517 0740 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys 2011/07/13 23:00:46.0537 0740 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/07/13 23:00:46.0605 0740 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys 2011/07/13 23:00:46.0634 0740 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/13 23:00:46.0651 0740 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/13 23:00:46.0703 0740 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/07/13 23:00:46.0736 0740 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/13 23:00:46.0791 0740 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/07/13 23:00:46.0803 0740 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/07/13 23:00:46.0853 0740 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/13 23:00:46.0900 0740 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/13 23:00:46.0930 0740 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/07/13 23:00:46.0976 0740 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/13 23:00:47.0021 0740 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys 2011/07/13 23:00:47.0048 0740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/07/13 23:00:47.0065 0740 Boot (0x1200) (9187eb4777a525725a41e45367651af6) \Device\Harddisk0\DR0\Partition0 2011/07/13 23:00:47.0081 0740 Boot (0x1200) (6918495658a8b52f81a1d830fdc7c36d) \Device\Harddisk0\DR0\Partition1 2011/07/13 23:00:47.0099 0740 Boot (0x1200) (fc5b2fb5fc14de88b9a5c93a9b3fb815) \Device\Harddisk0\DR0\Partition2 2011/07/13 23:00:47.0102 0740 ================================================================================ 2011/07/13 23:00:47.0102 0740 Scan finished 2011/07/13 23:00:47.0102 0740 ================================================================================ 2011/07/13 23:00:47.0110 2136 Detected object count: 0 2011/07/13 23:00:47.0110 2136 Actual detected object count: 0 |
|
13.07.2011, 22:08
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Kazy.mekml.1/ Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2011, 22:26
| #11 |
| | Virus/Kazy.mekml.1/ Combofix Logfile: Code:
ATTFilter ComboFix 11-07-13.03 - Blursch 13.07.2011 23:16:39.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2783 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Blursch\AppData\Local\lame_enc.dll
c:\users\Blursch\AppData\Local\no23xwrapper.dll
c:\users\Blursch\AppData\Local\ogg.dll
c:\users\Blursch\AppData\Local\vorbis.dll
c:\users\Blursch\AppData\Local\vorbisenc.dll
c:\users\Blursch\AppData\Local\vorbisfile.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-13 bis 2011-07-13 ))))))))))))))))))))))))))))))
.
.
2011-07-13 21:21 . 2011-07-13 21:21 25640 ----a-w- c:\windows\gdrv.sys
2011-07-13 21:20 . 2011-07-13 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 10:37 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79233F31-7CDE-4934-838F-5262189D8E2B}\mpengine.dll
2011-07-09 17:26 . 2011-07-09 17:26 -------- d-----w- c:\users\Blursch\AppData\Roaming\Malwarebytes
2011-07-09 17:26 . 2011-07-09 17:26 -------- d-----w- c:\programdata\Malwarebytes
2011-07-09 17:26 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-09 17:26 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-09 13:00 . 2006-06-19 11:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-07-09 13:00 . 2006-05-25 13:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-07-09 13:00 . 2005-08-25 23:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-07-09 13:00 . 2003-02-02 18:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-07-09 13:00 . 2002-03-05 23:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-07-09 13:00 . 2011-07-09 13:00 -------- d-----w- c:\users\Blursch\AppData\Roaming\Simply Super Software
2011-07-09 13:00 . 2011-07-09 13:00 -------- d-----w- c:\programdata\Simply Super Software
2011-07-06 15:34 . 2011-07-06 15:34 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-01 21:16 . 2011-07-01 21:21 -------- d-----w- c:\program files (x86)\Google
2011-07-01 21:16 . 2011-07-01 21:21 -------- d-----w- c:\users\Blursch\AppData\Local\Google
2011-06-27 17:56 . 2011-07-12 21:59 -------- d-----w- c:\users\Blursch\AppData\Roaming\vlc
2011-06-19 10:42 . 2011-06-19 10:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-15 12:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 12:41 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 12:41 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 12:38 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 12:38 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 12:38 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 12:38 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 12:38 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:38 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 12:38 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 12:37 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 12:37 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 17:34 . 2011-06-07 17:34 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 05:56 . 2011-07-13 12:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2010-01-30 20:26 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-02-27 19:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-29 15:47 . 2010-10-18 12:23 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-04-22 20:18 . 2011-05-24 17:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="d:\programme\steam\Steam.exe" [2010-11-16 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\programme\iTunesHelper.exe" [2010-12-13 421160]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"TrojanScanner"="d:\program files (x86)\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"iTunesHelper"="d:\programme\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 136176]
R3 ALSysIO;ALSysIO;c:\users\Blursch\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 cpuz130;cpuz130;c:\users\Blursch\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-02-01 30528]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-09-21 5788016]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-09-21 484720]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-01 21:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\Blursch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Blursch\AppData\Roaming\Mozilla\Firefox\Profiles\qxk6sj2x.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ICQ - d:\program files (x86)\ICQ7.5\ICQ.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Amazon MP3-Downloader - d:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-ASIO4ALL - d:\program files (x86)\ASIO4ALL v2\uninstall.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - d:\program files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-Avidemux 2.5 - d:\program files (x86)\Avidemux 2.5\uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-EADM - d:\program files (x86)\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-FL Studio 9.8 - d:\program files (x86)\Image-Line\FL Studio 9.8 beta\uninstall.exe
AddRemove-Free 3GP Video Converter_is1 - d:\program files (x86)\DVDVideoSoft\Free 3GP Video Converter\unins000.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube to iPod Converter_is1 - d:\program files (x86)\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - d:\program files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Inkscape - d:\program files (x86)\Inkscape\Uninstall.exe
AddRemove-MAGIX Goya burnR D - d:\program files (x86)\Goya_burnR\unwise.exe
AddRemove-MAGIX Music Maker 15 D - d:\program files (x86)\MusicMaker15\unwise.exe
AddRemove-MAGIX Music Maker 16 Premium Download-Version D - c:\program files (x86)\MAGIX\MusicMaker16Premium_Download-Version\unwise.exe
AddRemove-MAGIX Music Maker Techno Edition 3 Trial D - d:\program files (x86)\MAGIX\MusicMakerTechnoEdition3_Download-Version\unwise.exe
AddRemove-MAGIX_MSI_mm17 - d:\program files (x86)\MAGIX\Music_Maker_17_Download-Version\mm17_de-DE_setup.exe
AddRemove-ManyCam - d:\program files (x86)\ManyCam\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Universal Document Converter_is1 - d:\program files (x86)\Universal Document Converter\unins000.exe
AddRemove-VLC media player - d:\program files (x86)\VideoLAN\VLC\uninstall.exe
AddRemove-WinGimp-2.0_is1 - d:\program files (x86)\GIMP-2.0\setup\unins000.exe
AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - d:\program files (x86)\PDFCreator\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-13 23:24:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-07-13 21:24
.
Vor Suchlauf: 3.941.249.024 Bytes frei
Nach Suchlauf: 3.845.058.560 Bytes frei
.
- - End Of File - - 7B34875E4BD3AE52FB9D3D56D415E40D
|
|
13.07.2011, 23:12
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Kazy.mekml.1/ Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.07.2011, 23:20
| #13 |
| | Virus/Kazy.mekml.1/ MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 64-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: GA-770TA-UD3 Logical Drives Mask: 0x0000001d Kernel Drivers (total 206): 0x0360D000 \SystemRoot\system32\ntoskrnl.exe 0x03BE9000 \SystemRoot\system32\hal.dll 0x00BA8000 \SystemRoot\system32\kdcom.dll 0x00CD2000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00CDF000 \SystemRoot\system32\PSHED.dll 0x00CF3000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00D51000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EF5000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00F4C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00F55000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00F5F000 \SystemRoot\system32\DRIVERS\pci.sys 0x00F92000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00F9F000 \SystemRoot\System32\drivers\partmgr.sys 0x00FB4000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00E73000 \SystemRoot\system32\DRIVERS\jraid.sys 0x00E93000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x00EC2000 \SystemRoot\System32\drivers\mountmgr.sys 0x00EDC000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00FC9000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys 0x010F5000 \SystemRoot\system32\drivers\fltmgr.sys 0x01141000 \SystemRoot\system32\drivers\fileinfo.sys 0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01155000 \SystemRoot\System32\Drivers\msrpc.sys 0x013A4000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01000000 \SystemRoot\System32\Drivers\cng.sys 0x013BE000 \SystemRoot\System32\drivers\pcw.sys 0x013CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x014AA000 \SystemRoot\system32\drivers\ndis.sys 0x0159C000 \SystemRoot\system32\drivers\NETIO.SYS 0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01600000 \SystemRoot\System32\drivers\tcpip.sys 0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01475000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x01485000 \SystemRoot\System32\Drivers\spldr.sys 0x011B3000 \SystemRoot\System32\drivers\rdyboost.sys 0x0148D000 \SystemRoot\System32\Drivers\mup.sys 0x0149F000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01856000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01890000 \SystemRoot\system32\DRIVERS\disk.sys 0x018A6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x0190C000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01936000 \SystemRoot\System32\Drivers\Null.SYS 0x0193F000 \SystemRoot\System32\Drivers\Beep.SYS 0x01946000 \SystemRoot\System32\drivers\vga.sys 0x01954000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01979000 \SystemRoot\System32\drivers\watchdog.sys 0x01989000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01992000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0199B000 \SystemRoot\system32\drivers\rdprefmp.sys 0x019A4000 \SystemRoot\System32\Drivers\Msfs.SYS 0x019AF000 \SystemRoot\System32\Drivers\Npfs.SYS 0x019C0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x019DE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02C79000 \SystemRoot\system32\drivers\afd.sys 0x02D02000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02D47000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02D50000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02D76000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02D85000 \SystemRoot\system32\DRIVERS\serial.sys 0x02DA2000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02DBD000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02C68000 \SystemRoot\System32\drivers\discache.sys 0x03E0A000 \SystemRoot\system32\drivers\csc.sys 0x03E8D000 \SystemRoot\System32\Drivers\dfsc.sys 0x03EAB000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03EBC000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03EE2000 \SystemRoot\system32\DRIVERS\amdppm.sys 0x03EF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x03F00000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x0485C000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x040AD000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x041A1000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x04024000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys 0x04054000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04056000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x041E7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x041F4000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x04F38000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04F8E000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x04F9F000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x04FDD000 \SystemRoot\system32\DRIVERS\fdc.sys 0x04FEA000 \SystemRoot\system32\DRIVERS\serenum.sys 0x04800000 \SystemRoot\system32\DRIVERS\parport.sys 0x0481D000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x0483B000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x0484A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x040A5000 \SystemRoot\system32\DRIVERS\wacomvhid.sys 0x03F46000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS |
|
14.07.2011, 00:02
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus/Kazy.mekml.1/ Log ist unvollständig. mbrcheck nicht voreilig beenden!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.07.2011, 00:08
| #15 |
| | Virus/Kazy.mekml.1/ mhm, verdammt, sry MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 64-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: Award Software International, Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: GA-770TA-UD3 Logical Drives Mask: 0x0000001d Kernel Drivers (total 206): 0x0360D000 \SystemRoot\system32\ntoskrnl.exe 0x03BE9000 \SystemRoot\system32\hal.dll 0x00BA8000 \SystemRoot\system32\kdcom.dll 0x00CD2000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll 0x00CDF000 \SystemRoot\system32\PSHED.dll 0x00CF3000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00D51000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00CC0000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EF5000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00F4C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00F55000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00F5F000 \SystemRoot\system32\DRIVERS\pci.sys 0x00F92000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00F9F000 \SystemRoot\System32\drivers\partmgr.sys 0x00FB4000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys 0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00E73000 \SystemRoot\system32\DRIVERS\jraid.sys 0x00E93000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x00EC2000 \SystemRoot\System32\drivers\mountmgr.sys 0x00EDC000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00FC9000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys 0x010F5000 \SystemRoot\system32\drivers\fltmgr.sys 0x01141000 \SystemRoot\system32\drivers\fileinfo.sys 0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01155000 \SystemRoot\System32\Drivers\msrpc.sys 0x013A4000 \SystemRoot\System32\Drivers\ksecdd.sys 0x01000000 \SystemRoot\System32\Drivers\cng.sys 0x013BE000 \SystemRoot\System32\drivers\pcw.sys 0x013CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x014AA000 \SystemRoot\system32\drivers\ndis.sys 0x0159C000 \SystemRoot\system32\drivers\NETIO.SYS 0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01600000 \SystemRoot\System32\drivers\tcpip.sys 0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01475000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x01485000 \SystemRoot\System32\Drivers\spldr.sys 0x011B3000 \SystemRoot\System32\drivers\rdyboost.sys 0x0148D000 \SystemRoot\System32\Drivers\mup.sys 0x0149F000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01856000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01890000 \SystemRoot\system32\DRIVERS\disk.sys 0x018A6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x0190C000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01936000 \SystemRoot\System32\Drivers\Null.SYS 0x0193F000 \SystemRoot\System32\Drivers\Beep.SYS 0x01946000 \SystemRoot\System32\drivers\vga.sys 0x01954000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01979000 \SystemRoot\System32\drivers\watchdog.sys 0x01989000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01992000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0199B000 \SystemRoot\system32\drivers\rdprefmp.sys 0x019A4000 \SystemRoot\System32\Drivers\Msfs.SYS 0x019AF000 \SystemRoot\System32\Drivers\Npfs.SYS 0x019C0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x019DE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02C79000 \SystemRoot\system32\drivers\afd.sys 0x02D02000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02D47000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02D50000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02D76000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02D85000 \SystemRoot\system32\DRIVERS\serial.sys 0x02DA2000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02DBD000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys 0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02C68000 \SystemRoot\System32\drivers\discache.sys 0x03E0A000 \SystemRoot\system32\drivers\csc.sys 0x03E8D000 \SystemRoot\System32\Drivers\dfsc.sys 0x03EAB000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03EBC000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03EE2000 \SystemRoot\system32\DRIVERS\amdppm.sys 0x03EF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x03F00000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x0485C000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x040AD000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x041A1000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x04024000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys 0x04054000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04056000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x041E7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x041F4000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x04F38000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04F8E000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x04F9F000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x04FDD000 \SystemRoot\system32\DRIVERS\fdc.sys 0x04FEA000 \SystemRoot\system32\DRIVERS\serenum.sys 0x04800000 \SystemRoot\system32\DRIVERS\parport.sys 0x0481D000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x0483B000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x0484A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x040A5000 \SystemRoot\system32\DRIVERS\wacomvhid.sys 0x03F46000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04FF6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x03F5F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03F75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03F99000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03FA5000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03FD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x02DD1000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x01800000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x03FEF000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x0181A000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x040A8000 \SystemRoot\system32\DRIVERS\swenum.sys 0x044C1000 \SystemRoot\system32\DRIVERS\ks.sys 0x04504000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04516000 \SystemRoot\system32\DRIVERS\nusb3hub.sys 0x0452D000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04587000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x04592000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0459F000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys 0x045A7000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x045C7000 \SystemRoot\system32\drivers\RtHDMIVX.sys 0x04400000 \SystemRoot\system32\drivers\portcls.sys 0x0443D000 \SystemRoot\system32\drivers\drmk.sys 0x0445F000 \SystemRoot\system32\drivers\ksthunk.sys 0x0640B000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x04470000 \SystemRoot\System32\Drivers\crashdmp.sys 0x0447E000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x065F6000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x0448A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x00050000 \SystemRoot\System32\win32k.sys 0x0449D000 \SystemRoot\System32\drivers\Dxapi.sys 0x026BF000 \SystemRoot\system32\DRIVERS\fwlanusb.sys 0x02734000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x02742000 \SystemRoot\system32\DRIVERS\wacmoumonitor.sys 0x0274B000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x02768000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x02776000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00430000 \SystemRoot\System32\TSDDD.dll 0x00740000 \SystemRoot\System32\cdd.dll 0x02784000 \SystemRoot\system32\drivers\LVUSBS64.sys 0x008C0000 \SystemRoot\System32\ATMFD.DLL 0x07240000 \SystemRoot\system32\DRIVERS\lvuvc64.sys 0x0282F000 \SystemRoot\system32\DRIVERS\lvpopf64.sys 0x0297A000 \SystemRoot\system32\drivers\usbaudio.sys 0x02995000 \SystemRoot\system32\drivers\luafv.sys 0x029B8000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x029D3000 \SystemRoot\system32\drivers\WudfPf.sys 0x02800000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x0278F000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x02815000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x075B1000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0768F000 \SystemRoot\system32\drivers\HTTP.sys 0x07757000 \SystemRoot\system32\DRIVERS\bowser.sys 0x07775000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0778D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x07600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0764E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x02600000 \SystemRoot\system32\drivers\peauth.sys 0x07671000 \SystemRoot\System32\Drivers\secdrv.SYS 0x077BA000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x077E7000 \SystemRoot\System32\drivers\tcpipreg.sys 0x08202000 \SystemRoot\System32\DRIVERS\srv2.sys 0x08269000 \SystemRoot\System32\DRIVERS\srv.sys 0x082FE000 \SystemRoot\System32\Drivers\fastfat.SYS 0x08334000 \??\C:\Windows\gdrv.sys 0x0833D000 \??\C:\Windows\system32\drivers\mbam.sys 0x083B8000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x083C3000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x773B0000 \Windows\System32\ntdll.dll 0x47EE0000 \Windows\System32\smss.exe 0xFF6D0000 \Windows\System32\apisetschema.dll 0xFF960000 \Windows\System32\autochk.exe 0x77580000 \Windows\System32\psapi.dll 0xFF540000 \Windows\System32\urlmon.dll 0xFE7B0000 \Windows\System32\shell32.dll 0xFE5A0000 \Windows\System32\ole32.dll 0xFE4C0000 \Windows\System32\advapi32.dll 0xFE450000 \Windows\System32\gdi32.dll 0xFE400000 \Windows\System32\Wldap32.dll 0xFE360000 \Windows\System32\clbcatq.dll 0xFE310000 \Windows\System32\ws2_32.dll 0x77570000 \Windows\System32\normaliz.dll 0xFE0B0000 \Windows\System32\iertutil.dll 0x77290000 \Windows\System32\kernel32.dll 0xFDF80000 \Windows\System32\rpcrt4.dll 0xFDEB0000 \Windows\System32\usp10.dll 0x77190000 \Windows\System32\user32.dll 0xFDD80000 \Windows\System32\wininet.dll 0xFDD00000 \Windows\System32\difxapi.dll 0xFDB20000 \Windows\System32\setupapi.dll 0xFDB10000 \Windows\System32\lpk.dll 0xFDAE0000 \Windows\System32\imm32.dll 0xFDAC0000 \Windows\System32\imagehlp.dll 0xFDAA0000 \Windows\System32\sechost.dll 0xFD990000 \Windows\System32\msctf.dll 0xFD8B0000 \Windows\System32\oleaut32.dll 0xFD8A0000 \Windows\System32\nsi.dll 0xFD800000 \Windows\System32\comdlg32.dll 0xFD760000 \Windows\System32\msvcrt.dll 0xFD6E0000 \Windows\System32\shlwapi.dll 0xFD6A0000 \Windows\System32\cfgmgr32.dll 0xFD660000 \Windows\System32\wintrust.dll 0xFD4F0000 \Windows\System32\crypt32.dll 0xFD480000 \Windows\System32\KernelBase.dll 0xFD3E0000 \Windows\System32\comctl32.dll 0xFD3C0000 \Windows\System32\devobj.dll 0xFD3B0000 \Windows\System32\msasn1.dll 0x75700000 \Windows\SysWOW64\normaliz.dll Processes (total 78): 0 System Idle Process 4 System 280 C:\Windows\System32\smss.exe 420 csrss.exe 472 C:\Windows\System32\wininit.exe 508 csrss.exe 532 C:\Windows\System32\services.exe 556 C:\Windows\System32\lsass.exe 564 C:\Windows\System32\lsm.exe 608 C:\Windows\System32\winlogon.exe 712 C:\Windows\System32\svchost.exe 828 C:\Windows\System32\svchost.exe 932 C:\Windows\System32\atiesrxx.exe 968 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\svchost.exe 128 C:\Windows\System32\svchost.exe 844 C:\Windows\System32\svchost.exe 1096 C:\Program Files\Tablet\Pen\Pen_TouchService.exe 1168 C:\Windows\System32\atieclxx.exe 1264 C:\Windows\System32\wisptis.exe 1300 C:\Windows\System32\svchost.exe 1528 C:\Windows\System32\spoolsv.exe 1576 C:\Windows\System32\wisptis.exe 1592 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe 1612 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe 1676 C:\Windows\System32\dwm.exe 1724 C:\Windows\System32\taskhost.exe 1804 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe 1812 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1820 C:\Windows\explorer.exe 1912 C:\Windows\System32\svchost.exe 1148 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1320 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1260 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe 1932 C:\Program Files (x86)\Bonjour\mDNSResponder.exe 2060 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe 2116 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe 2148 C:\Windows\SysWOW64\XSrvSetup.exe 2216 C:\Windows\SysWOW64\PnkBstrA.exe 2248 C:\Windows\System32\svchost.exe 2320 C:\Program Files\Tablet\Pen\Pen_Tablet.exe 2432 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe 2760 C:\Program Files\Tablet\Pen\Pen_Tablet.exe 1568 C:\Windows\System32\rundll32.exe 2188 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2400 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe 1640 C:\Program Files\Windows Sidebar\sidebar.exe 3172 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe 3196 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3532 D:\Programme\iTunesHelper.exe 3540 C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 4076 D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 3704 C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe 3792 C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe 3936 C:\Windows\System32\SearchIndexer.exe 3644 C:\Program Files\iPod\bin\iPodService.exe 1520 C:\Program Files\Windows Media Player\wmpnetwk.exe 4152 C:\Windows\System32\svchost.exe 4632 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe 4880 D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 5044 C:\Windows\System32\svchost.exe 4568 C:\Windows\System32\wuauclt.exe 5000 D:\Programme\Mozilla\firefox.exe 4628 D:\ProgramFiles (x86)\ICQ7.5\ICQ.exe 5068 D:\Programme\Mozilla\plugin-container.exe 4060 C:\Windows\System32\audiodg.exe 4916 D:\Programme\iTunes.exe 4776 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe 4008 C:\Windows\System32\conhost.exe 3248 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe 1504 C:\Windows\System32\conhost.exe 1136 C:\Windows\System32\dllhost.exe 4028 C:\Windows\System32\SearchProtocolHost.exe 4980 C:\Windows\System32\SearchFilterHost.exe 312 C:\Windows\System32\prevhost.exe 4592 D:\Desktop\TOOLS\MBRCheck.exe 4556 C:\Windows\System32\conhost.exe 1128 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000a`00000000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD502HJ, Rev: 1AJ100E4 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
|
| Themen zu Virus/Kazy.mekml.1/ |
| 4d36e972-e325-11ce-bfc1-08002be10318, 64-bit, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, converter, desktop, dringend, error, extras.txt, fehler, format, google earth, home, kazy.mekml.1, langs, logfile, mozilla, mp3, nvstor.sys, object, otl.txt, plug-in, prozess, realtek, registry, rundll, schattenkopien, sched.exe, shortcut, sketchup, software, start menu, stick, studio, super, syswow64, trojaner, usb, version=1.0, video converter, virus, webcheck, windows, windows 7 64-bit, wrapper |
Linear-Darstellung
