Log analysis and evaluation: TR/Phopiex.86016 Trojan from Facebook? Having problems booting! (Windows 7)
02.11.2011, 20:52 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
CustomScan with OTL
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
02.11.2011, 21:36 | #17
Code:
OTL logfile created on: 02.11.2011 21:23:04 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 76,89% Memory free
15,96 Gb Paging File | 13,87 Gb Available in Paging File | 86,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120,18 Gb Total Space | 22,94 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 257,59 Gb Total Space | 257,45 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive F: | 87,89 Gb Total Space | 87,80 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive G: | 7,89 Gb Total Space | 6,75 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive H: | 246,50 Mb Total Space | 84,99 Mb Free Space | 34,48% Space Free | Partition Type: FAT32
Drive J: | 3,94 Gb Total Space | 2,98 Gb Free Space | 75,58% Space Free | Partition Type: FAT32
Drive K: | 931,51 Gb Total Space | 194,55 Gb Free Space | 20,89% Space Free | Partition Type: NTFS

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Michi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (XTSvcMgr) -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe (Novell, Inc.)
SRV - (cusrvc) -- C:\Programme\Novell\Client\cusrvc.exe ()
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NCRecognizer) -- C:\Windows\SysNative\drivers\ncrecognizer.sys ()
DRV:64bit: - (NCFilter) -- C:\Windows\SysNative\drivers\ncfilter.sys ()
DRV:64bit: - (NCUncFilter) -- C:\Windows\SysNative\drivers\ncuncfilter.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)
DRV - (NCIOCTL) -- C:\Programme\Novell\Client\XTier\Drivers\ncioctl.sys ()
DRV - (NICM) -- C:\Programme\Novell\Client\XTier\Drivers\nicm.sys (Novell, Inc.)
DRV - (NCFSD) -- C:\Programme\Novell\Client\XTier\Drivers\ncfsd.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 16 30 7B 05 95 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "149.169.227.129"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Michi\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.07 18:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.07 18:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 17:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.19 10:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 10:53:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 17:10:57 | 000,000,000 | ---D | M]

[2011.04.08 21:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2011.09.28 08:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\hzfg47j7.default\extensions
[2011.11.01 16:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.08 22:36:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.08 22:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.29 20:53:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.24 12:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.02 12:07:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.11.01 16:09:03 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZFG47J7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZFG47J7.DEFAULT\EXTENSIONS\GMAIL@BORSOSFISOFT.COM.XPI
[2011.10.04 11:14:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 11:14:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 11:14:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.04 11:14:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 11:14:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 11:14:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 11:14:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.14 11:20:29 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost , hxxp://kino.to/ ,
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost hxxp://kino.to/
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [NWTRAY] C:\Windows\SysNative\nwtray.exe ()
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26956E41-C775-4A02-BC58-578CEBCED280}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.02 18:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.02 15:45:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Michi\Desktop\esetsmartinstaller_enu.exe
[2011.11.02 15:35:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\fsae_desk
[2011.11.01 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\otl
[2011.11.01 21:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 21:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.01 21:06:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2011.11.01 16:26:22 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.11.01 13:44:36 | 000,823,296 | ---- | C] (Novell, Inc.) -- C:\Windows\SysWow64\ccsw32.dll
[2011.11.01 13:44:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\novell
[2011.11.01 13:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Novell
[2011.11.01 13:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\nls
[2011.11.01 13:44:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nls
[2011.11.01 13:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Novell
[2011.11.01 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novell
[2011.10.28 02:01:16 | 000,000,000 | R--D | C] -- C:\Users\Michi\Dropbox
[2011.10.28 01:57:53 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.10.28 01:57:37 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Dropbox
[2011.10.28 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Freemake
[2011.10.28 01:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011.10.28 01:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2011.10.28 01:19:00 | 000,000,000 | ---D | C] -- C:\Users\Michi\Application Data
[2011.10.28 01:08:20 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\3Dconnexion_Inc
[2011.10.28 00:16:15 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\3Dconnexion
[2011.10.28 00:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2011.10.28 00:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2011.10.28 00:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2011.10.25 19:15:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.10.24 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.19 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\12 VEGAS Video
[2011.10.19 10:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.10.19 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.10.19 10:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.10.19 10:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.10.19 10:52:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Apple
[2011.10.19 10:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.10.19 10:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.10.19 08:53:24 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Malwarebytes
[2011.10.19 08:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.19 08:53:13 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.19 08:47:38 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Diagnostics
[2011.10.17 21:24:47 | 000,000,000 | RHSD | C] -- C:\Users\Michi\M-1-52-5782-8752-5245
[2011.10.17 08:23:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Avira
[2011.10.17 08:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.17 08:23:01 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.17 08:23:01 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.17 08:23:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.17 08:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.17 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

========== Files - Modified Within 30 Days ==========

[2011.11.02 21:13:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000UA.job
[2011.11.02 18:43:01 | 000,346,576 | ---- | M] () -- C:\Users\Michi\Desktop\Seite 2 - Trojaner-Board.pdf
[2011.11.02 18:31:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 18:31:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 18:28:27 | 001,498,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.02 18:28:27 | 000,654,108 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.02 18:28:27 | 000,615,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.02 18:28:27 | 000,129,980 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.02 18:28:27 | 000,106,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.02 18:24:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 18:23:39 | 2133,872,639 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.02 16:04:06 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.02 16:04:06 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.02 15:44:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Michi\Desktop\esetsmartinstaller_enu.exe
[2011.11.02 04:13:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000Core.job
[2011.11.01 21:33:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 21:05:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2011.11.01 18:59:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.11.01 18:59:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.11.01 16:26:22 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.10.28 02:01:16 | 000,001,001 | ---- | M] () -- C:\Users\Michi\Desktop\Dropbox.lnk
[2011.10.28 01:58:00 | 000,000,981 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.10.27 13:32:37 | 000,016,384 | ---- | M] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.19 10:53:54 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.10.17 08:23:09 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.12 23:57:22 | 000,318,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2011.11.02 18:43:00 | 000,346,576 | ---- | C] () -- C:\Users\Michi\Desktop\Seite 2 - Trojaner-Board.pdf
[2011.11.01 21:33:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 18:59:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.11.01 18:59:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.10.28 02:01:16 | 000,001,001 | ---- | C] () -- C:\Users\Michi\Desktop\Dropbox.lnk
[2011.10.28 01:58:00 | 000,000,981 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.10.19 10:53:54 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.10.19 10:52:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.10.17 08:23:09 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.30 04:18:56 | 000,916,056 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2011.09.30 04:18:56 | 000,662,104 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2011.09.30 04:18:56 | 000,404,056 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2011.09.30 04:18:56 | 000,240,216 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2011.09.30 04:18:56 | 000,191,064 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2011.09.30 04:18:56 | 000,166,488 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2011.09.30 04:18:56 | 000,113,240 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2011.09.30 04:18:56 | 000,026,200 | ---- | C] () -- C:\Windows\SysWow64\loginw32.exe
[2011.07.23 03:46:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2011.07.07 17:08:52 | 000,181,021 | ---- | C] () -- C:\Windows\hpoins13.dat
[2011.07.07 17:08:52 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2011.06.23 15:50:38 | 000,016,384 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.19 18:32:11 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.19 18:32:09 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.19 18:32:09 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 21:45:25 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.06.07 21:45:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.06.07 21:45:24 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.07 21:45:24 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.07 21:45:23 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.05.04 10:42:17 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.25 11:37:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Authentication
[2011.04.25 11:37:42 | 000,000,268 | RH-- | C] () -- C:\Users\Michi\AppData\Roaming\Applications
[2011.04.25 11:37:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.04.14 09:15:58 | 000,000,173 | ---- | C] () -- C:\Users\Michi\AppData\Local\msmathematics.qat.Michi
[2011.04.13 01:02:47 | 000,000,190 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\PropCalc Preferences
[2011.04.13 00:37:19 | 000,000,733 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\DriveCalculator Preferences
[2011.04.08 22:37:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.08 21:54:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.10.28 00:16:15 | 000,000,000 | ---D | M]
-- C:\Users\Michi\AppData\Roaming\3Dconnexion [2011.04.11 10:03:45 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited [2011.11.02 18:24:48 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox [2011.06.16 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView [2011.04.09 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LibreOffice [2011.04.25 11:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Nikon [2011.04.14 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Notepad++ [2011.09.28 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Publish Providers [2011.09.28 09:51:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Sony [2011.08.08 12:43:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.10.28 00:16:15 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\3Dconnexion [2011.04.25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Adobe [2011.04.08 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ATI [2011.10.17 08:23:19 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Avira [2011.04.11 10:03:45 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited [2011.06.22 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DivX [2011.11.02 18:24:48 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox [2011.07.07 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\HP [2011.04.08 21:43:52 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Identities [2011.04.08 22:21:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\InstallShield [2011.06.16 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView [2011.04.09 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LibreOffice [2011.04.08 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Macromedia [2011.10.19 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Malwarebytes [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Media Center Programs [2011.06.22 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Media Player Classic [2011.10.17 21:26:08 | 000,000,000 | --SD | M] -- C:\Users\Michi\AppData\Roaming\Microsoft [2011.04.08 21:58:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Mozilla [2011.04.25 11:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Nikon [2011.04.14 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Notepad++ [2011.09.28 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Publish Providers [2011.05.04 10:38:55 | 000,000,000 | ---D | M] -- 
C:\Users\Michi\AppData\Roaming\Real [2011.06.19 20:39:40 | 000,000,000 | RH-D | M] -- C:\Users\Michi\AppData\Roaming\SecuROM [2011.11.02 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Skype [2011.11.02 18:24:39 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\skypePM [2011.09.28 09:51:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Sony [2011.07.21 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michi\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.04.25 11:39:14 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe [2011.11.01 13:44:48 | 000,010,134 | R--- | M] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{559D2B32-5066-4762-A2F2-52831AC6F67B}\ARPPRODUCTICON.exe [2011.08.22 23:30:45 | 000,010,134 | R--- | M] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe [2011.04.25 11:39:25 | 000,049,152 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 
000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 
-- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < > < End of report >
__________________ |
02.11.2011, 21:58 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Phopiex.86016 Trojan from Facebook? Having problems booting! Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 16 30 7B 05 95 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "149.169.227.129"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - HKCU..\Run: [ASRockXTU] File not found
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell\AutoRun\command - "" = I:\Setup.exe
[2011.11.01 16:26:22 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.10.17 21:24:47 | 000,000,000 | RHSD | C] -- C:\Users\Michi\M-1-52-5782-8752-5245
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!
__________________ |
02.11.2011, 22:16 | #19 |
| TR/Phopiex.86016 Trojan from Facebook? Having problems booting! Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" removed from keyword.URL Prefs.js: "149.169.227.129" removed from network.proxy.http Prefs.js: 3127 removed from network.proxy.http_port Prefs.js: 0 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ncv1_0 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ not found.
File I:\Setup.exe not found.
C:\Windows\SysNative\drivers\stflt.sys moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.7 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Users\Michi\M-1-52-5782-8752-5245 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Michi
->Temp folder emptied: 4686777774 bytes
->Temporary Internet Files folder emptied: 251417988 bytes
->Java cache emptied: 9135029 bytes
->FireFox cache emptied: 49196600 bytes
->Flash cache emptied: 933 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116064409 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.876,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11022011_220457
Files\Folders moved on Reboot...
C:\Users\Michi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
__________________ Best regards, Michael |
02.11.2011, 22:17 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Phopiex.86016 trojan from Facebook? Having problems booting! Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set the tool up as shown in the picture below: click "change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
02.11.2011, 22:54 | #21 |
| TR/Phopiex.86016 trojan from Facebook? Having problems booting! Nothing found. Code:
22:45:54.0479 3540 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
22:45:54.0705 3540 ============================================================
22:45:54.0705 3540 Current date / time: 2011/11/02 22:45:54.0705
22:45:54.0705 3540 SystemInfo:
22:45:54.0705 3540
22:45:54.0705 3540 OS Version: 6.1.7601 ServicePack: 1.0
22:45:54.0705 3540 Product type: Workstation
22:45:54.0705 3540 ComputerName: MICHI-PC
22:45:54.0705 3540 UserName: Michi
22:45:54.0705 3540 Windows directory: C:\Windows
22:45:54.0705 3540 System windows directory: C:\Windows
22:45:54.0705 3540 Running under WOW64
22:45:54.0705 3540 Processor architecture: Intel x64
22:45:54.0705 3540 Number of processors: 4
22:45:54.0705 3540 Page size: 0x1000
22:45:54.0705 3540 Boot type: Normal boot
22:45:54.0705 3540 ============================================================
22:46:01.0675 3540 Initialize success
22:49:46.0517 3580 ============================================================
22:49:46.0517 3580 Scan started
22:49:46.0517 3580 Mode: Manual; SigCheck; TDLFS;
22:49:46.0517 3580 ============================================================
(e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:50:02.0417 3580 viaide - ok 22:50:02.0427 3580 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 22:50:02.0447 3580 vmbus - ok 22:50:02.0467 3580 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 22:50:02.0487 3580 VMBusHID - ok 22:50:02.0507 3580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:50:02.0517 3580 volmgr - ok 22:50:02.0557 3580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:50:02.0577 3580 volmgrx - ok 22:50:02.0597 3580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:50:02.0607 3580 volsnap - ok 22:50:02.0647 3580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:50:02.0657 3580 vsmraid - ok 22:50:02.0667 3580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 22:50:02.0687 3580 vwifibus - ok 22:50:02.0717 3580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:50:02.0737 3580 WacomPen - ok 22:50:02.0767 3580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:50:02.0827 3580 WANARP - ok 22:50:02.0837 3580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:50:02.0877 3580 Wanarpv6 - ok 22:50:02.0907 3580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:50:02.0917 3580 Wd - ok 22:50:02.0947 3580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:50:02.0967 3580 Wdf01000 - ok 22:50:02.0997 3580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:50:03.0047 3580 WfpLwf - ok 22:50:03.0067 3580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:50:03.0077 3580 WIMMount - ok 22:50:03.0117 3580 WinUsb 
(fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 22:50:03.0147 3580 WinUsb - ok 22:50:03.0177 3580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:50:03.0187 3580 WmiAcpi - ok 22:50:03.0207 3580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:50:03.0257 3580 ws2ifsl - ok 22:50:03.0297 3580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:50:03.0357 3580 WudfPf - ok 22:50:03.0387 3580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:50:03.0437 3580 WUDFRd - ok 22:50:03.0477 3580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:50:03.0537 3580 \Device\Harddisk0\DR0 - ok 22:50:03.0537 3580 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1 22:50:06.0207 3580 \Device\Harddisk1\DR1 - ok 22:50:06.0217 3580 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR2 22:50:06.0317 3580 \Device\Harddisk2\DR2 - ok 22:50:06.0317 3580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3 22:50:06.0427 3580 \Device\Harddisk3\DR3 - ok 22:50:06.0437 3580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4 22:50:06.0537 3580 \Device\Harddisk4\DR4 - ok 22:50:06.0537 3580 Boot (0x1200) (f6d814b12ff0343a34eab7690358567c) \Device\Harddisk0\DR0\Partition0 22:50:06.0537 3580 \Device\Harddisk0\DR0\Partition0 - ok 22:50:06.0557 3580 Boot (0x1200) (df694b1d3a6453a6b71ddb433e634f4a) \Device\Harddisk0\DR0\Partition1 22:50:06.0567 3580 \Device\Harddisk0\DR0\Partition1 - ok 22:50:06.0577 3580 Boot (0x1200) (c942f1953721ca673d5bbcd1164cbf1f) \Device\Harddisk0\DR0\Partition2 22:50:06.0577 3580 \Device\Harddisk0\DR0\Partition2 - ok 22:50:06.0597 3580 Boot (0x1200) (89f37f4db68f90317a78136c12f3a286) \Device\Harddisk0\DR0\Partition3 22:50:06.0597 3580 \Device\Harddisk0\DR0\Partition3 - ok 22:50:06.0597 3580 Boot (0x1200) 
(f776419df7963e7deb54a549cf3faf8c) \Device\Harddisk1\DR1\Partition0 22:50:06.0597 3580 \Device\Harddisk1\DR1\Partition0 - ok 22:50:06.0597 3580 Boot (0x1200) (8b2c84d369f12c90e1d9094cde629c85) \Device\Harddisk2\DR2\Partition0 22:50:06.0607 3580 \Device\Harddisk2\DR2\Partition0 - ok 22:50:06.0607 3580 Boot (0x1200) (0a80ed696ec9b1ba679e3e46009c7650) \Device\Harddisk3\DR3\Partition0 22:50:06.0607 3580 \Device\Harddisk3\DR3\Partition0 - ok 22:50:06.0607 3580 Boot (0x1200) (9d94978883fe8cee01f98e1d4f9682a6) \Device\Harddisk4\DR4\Partition0 22:50:06.0607 3580 \Device\Harddisk4\DR4\Partition0 - ok 22:50:06.0617 3580 ============================================================ 22:50:06.0617 3580 Scan finished 22:50:06.0617 3580 ============================================================ 22:50:06.0627 2264 Detected object count: 0 22:50:06.0627 2264 Actual detected object count: 0
02.11.2011, 23:00 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a forum expert (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
02.11.2011, 23:40 | #23 |
Code:
ATTFilter ComboFix 11-11-02.03 - Michi 02.11.2011 23:17:39.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.5949 [GMT 1:00] ausgeführt von:: c:\users\Michi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.txt K:\Autorun.inf K:\Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-02 bis 2011-11-02 )))))))))))))))))))))))))))))) . . 2011-11-02 22:24 . 2011-11-02 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-02 21:04 . 2011-11-02 21:04 -------- d-----w- C:\_OTL 2011-11-02 17:30 . 2011-11-02 17:30 -------- d-----w- c:\program files (x86)\ESET 2011-11-01 20:33 . 2011-11-02 16:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-01 18:21 . 2011-11-01 18:21 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2011-11-01 18:21 . 2011-11-01 18:21 -------- d-----w- c:\windows\system32\wbem\en-US 2011-11-01 12:44 . 2011-11-01 12:44 -------- d-----w- c:\windows\SysWow64\novell 2011-11-01 12:44 . 2009-03-30 10:45 823296 ------w- c:\windows\SysWow64\ccsw32.dll 2011-11-01 12:44 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-11-01 12:44 . 2001-09-05 03:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2011-11-01 12:44 . 2001-09-05 03:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-11-01 12:44 . 2001-09-05 03:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-11-01 12:44 . 
2008-06-12 07:34 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2011-11-01 12:44 . 2011-11-01 12:44 -------- d-----w- c:\programdata\Novell 2011-11-01 12:44 . 2011-11-01 12:44 -------- d-----w- c:\windows\SysWow64\nls 2011-11-01 12:44 . 2011-11-01 12:44 -------- d-----w- c:\windows\system32\nls 2011-11-01 12:44 . 2011-11-01 12:44 -------- d-----w- c:\program files\Novell 2011-11-01 12:41 . 2011-11-01 12:44 -------- d-----w- c:\program files (x86)\Novell 2011-10-28 01:01 . 2011-11-02 21:07 -------- d-----r- c:\users\Michi\Dropbox 2011-10-28 00:57 . 2011-11-02 21:07 -------- d-----w- c:\users\Michi\AppData\Roaming\Dropbox 2011-10-28 00:28 . 2011-10-28 01:07 -------- d-----w- c:\programdata\Freemake 2011-10-28 00:28 . 2011-10-28 01:07 -------- d-----w- c:\program files (x86)\Freemake 2011-10-28 00:08 . 2011-10-28 00:08 -------- d-----w- c:\users\Michi\AppData\Local\3Dconnexion_Inc 2011-10-27 23:16 . 2011-10-27 23:16 -------- d-----w- c:\users\Michi\AppData\Roaming\3Dconnexion 2011-10-27 23:04 . 2011-10-27 23:04 -------- d-----w- c:\program files (x86)\3Dconnexion 2011-10-27 23:04 . 2011-10-27 23:04 -------- d-----w- c:\program files\3Dconnexion 2011-10-27 23:03 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll 2011-10-27 23:03 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll 2011-10-27 23:03 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll 2011-10-27 23:03 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe 2011-10-27 23:03 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll 2011-10-27 23:03 . 
2011-10-27 23:03 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll 2011-10-27 23:03 . 2011-10-27 23:03 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll 2011-10-25 18:15 . 2011-10-25 18:15 -------- d-----w- c:\windows\system32\appmgmt 2011-10-24 11:44 . 2011-10-24 11:44 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-19 09:52 . 2011-10-19 09:52 -------- d-----w- c:\users\Michi\AppData\Local\Apple 2011-10-19 09:52 . 2011-10-19 09:52 -------- d-----w- c:\program files (x86)\Apple Software Update 2011-10-19 09:52 . 2011-10-19 09:52 -------- d-----w- c:\programdata\Apple 2011-10-19 07:53 . 2011-10-19 07:53 -------- d-----w- c:\users\Michi\AppData\Roaming\Malwarebytes 2011-10-19 07:53 . 2011-10-19 07:53 -------- d-----w- c:\programdata\Malwarebytes 2011-10-19 07:53 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-19 07:47 . 2011-10-19 07:47 -------- d-----w- c:\users\Michi\AppData\Local\Diagnostics 2011-10-17 07:23 . 2011-10-17 07:23 -------- d-----w- c:\users\Michi\AppData\Roaming\Avira 2011-10-17 07:23 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-17 07:23 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-17 07:23 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-17 07:22 . 2011-10-17 07:22 -------- d-----w- c:\programdata\Avira 2011-10-17 07:22 . 2011-10-17 07:22 -------- d-----w- c:\program files (x86)\Avira 2011-10-12 02:52 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 02:52 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-12 02:52 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-12 02:52 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-12 02:52 . 
2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-12 02:51 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-12 02:51 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-12 02:51 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-12 02:51 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-02 15:04 . 2011-06-19 19:39 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-11-02 15:04 . 2011-06-19 17:32 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-10-22 15:11 . 2011-05-16 06:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 03:06 . 2011-04-08 21:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-30 03:18 . 2011-09-30 03:18 916056 ----a-w- c:\windows\SysWow64\ncnetprovider.dll 2011-09-30 03:18 . 2011-09-30 03:18 80472 ----a-w- c:\windows\SysWow64\audwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 68184 ----a-w- c:\windows\SysWow64\clxwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 662104 ----a-w- c:\windows\SysWow64\ncloginui.dll 2011-09-30 03:18 . 2011-09-30 03:18 404056 ----a-w- c:\windows\SysWow64\noveap.dll 2011-09-30 03:18 . 2011-09-30 03:18 26200 ----a-w- c:\windows\SysWow64\loginw32.exe 2011-09-30 03:18 . 2011-09-30 03:18 240216 ----a-w- c:\windows\SysWow64\nwshlxnt.dll 2011-09-30 03:18 . 2011-09-30 03:18 223832 ----a-w- c:\windows\SysWow64\netwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 219736 ----a-w- c:\windows\SysWow64\ncpwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 215640 ----a-w- c:\windows\SysWow64\calwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 191064 ----a-w- c:\windows\SysWow64\lgnwnt32.dll 2011-09-30 03:18 . 2011-09-30 03:18 166488 ----a-w- c:\windows\SysWow64\mapbase.dll 2011-09-30 03:18 . 2011-09-30 03:18 150104 ----a-w- c:\windows\SysWow64\locwin32.dll 2011-09-30 03:18 . 
2011-09-30 03:18 113240 ----a-w- c:\windows\SysWow64\nclangid.dll 2011-09-30 03:18 . 2011-09-30 03:18 109144 ----a-w- c:\windows\SysWow64\spmnwcc.dll 2011-09-30 03:18 . 2011-09-30 03:18 100952 ----a-w- c:\windows\SysWow64\clnwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 79448 ----a-w- c:\windows\system32\audwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 789592 ----a-w- c:\windows\system32\ncloginui.dll 2011-09-30 03:18 . 2011-09-30 03:18 63064 ----a-w- c:\windows\system32\clxwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 505432 ----a-w- c:\windows\system32\noveap.dll 2011-09-30 03:18 . 2011-09-30 03:18 49240 ----a-w- c:\windows\system32\ncv1_0.dll 2011-09-30 03:18 . 2011-09-30 03:18 45656 ----a-w- c:\windows\system32\nwtray.exe 2011-09-30 03:18 . 2011-09-30 03:18 354392 ----a-w- c:\windows\system32\nccredprovider.dll 2011-09-30 03:18 . 2011-09-30 03:18 280664 ----a-w- c:\windows\system32\nwshlxnt.dll 2011-09-30 03:18 . 2011-09-30 03:18 27736 ----a-w- c:\windows\system32\loginw32.exe 2011-09-30 03:18 . 2011-09-30 03:18 273496 ----a-w- c:\windows\system32\netwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 271448 ----a-w- c:\windows\system32\calwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 269912 ----a-w- c:\windows\system32\ncpwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 26200 ----a-w- c:\windows\system32\drivers\ncuncfilter.sys 2011-09-30 03:18 . 2011-09-30 03:18 250968 ----a-w- c:\windows\system32\lgnwnt32.dll 2011-09-30 03:18 . 2011-09-30 03:18 185432 ----a-w- c:\windows\system32\locwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 183384 ----a-w- c:\windows\system32\mapbase.dll 2011-09-30 03:18 . 2011-09-30 03:18 15448 ----a-w- c:\windows\system32\nccredlogonext.dll 2011-09-30 03:18 . 2011-09-30 03:18 149080 ----a-w- c:\windows\system32\spmnwcc.dll 2011-09-30 03:18 . 2011-09-30 03:18 125016 ----a-w- c:\windows\system32\nclangid.dll 2011-09-30 03:18 . 2011-09-30 03:18 119384 ----a-w- c:\windows\system32\drivers\ncrecognizer.sys 2011-09-30 03:18 . 
2011-09-30 03:18 113240 ----a-w- c:\windows\system32\drivers\ncfilter.sys 2011-09-30 03:18 . 2011-09-30 03:18 113240 ----a-w- c:\windows\system32\clnwin32.dll 2011-09-30 03:18 . 2011-09-30 03:18 1041496 ----a-w- c:\windows\system32\ncnetprovider.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-03-08 17037704] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384] "XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-04-08 4942336] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x] S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [x] S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [x] S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 NCFSD;Novell Client File System Redirector;c:\program 
files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-09-30 106072] S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-09-30 89688] S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-09-30 19544] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - nciom *Deregistered* - ncp *Deregistered* - ncpl *Deregistered* - niam *Deregistered* - nipctl *Deregistered* - nscm *Deregistered* - nsns *Deregistered* - nsvccost . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000Core.job - c:\users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 12:20] . 2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000UA.job - c:\users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 12:20] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NWTRAY"="NWTRAY.EXE" [2011-09-30 45656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hzfg47j7.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe AddRemove-eLamX - c:\windows\system32\javaws.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1629516076-36297864-3730078469-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1629516076-36297864-3730078469-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1629516076-36297864-3730078469-1000\Software\SecuROM\License information*] "datasecu"=hex:17,ab,e3,fc,20,2d,2f,8d,08,b2,96,55,26,58,d0,0f,0a,77,ee,a3,80, e8,9d,c7,d8,bc,2d,67,03,a3,76,b1,de,49,d1,00,29,c1,0e,d3,b0,02,43,d7,37,11,\ "rkeysecu"=hex:58,ec,36,3a,b2,2f,bc,fc,b4,94,91,b1,38,58,8e,1e . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE . ************************************************************************** . Zeit der Fertigstellung: 2011-11-02 23:30:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-11-02 22:30 . Vor Suchlauf: 10 Verzeichnis(se), 26.403.168.256 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 25.881.075.712 Bytes frei . - - End Of File - - 648D57191388857E3E9081108255C4AA
__________________ Best regards, Michael |
03.11.2011, 10:41 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Phopiex.86016 trojan from Facebook? Having problems booting! Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
04.11.2011, 14:47 | #25 |
| TR/Phopiex.86016 trojan from Facebook? Having problems booting! Code:
ATTFilter aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-11-04 14:08:00 ----------------------------- 14:08:00.772 OS Version: Windows x64 6.1.7601 Service Pack 1 14:08:00.772 Number of processors: 4 586 0x2A07 14:08:00.773 ComputerName: MICHI-PC UserName: Michi 14:08:01.322 Initialize success 14:10:06.198 AVAST engine defs: 11110400 14:11:04.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:11:04.315 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3 14:11:04.333 Disk 0 MBR read successfully 14:11:04.336 Disk 0 MBR scan 14:11:04.341 Disk 0 Windows 7 default MBR code 14:11:04.344 Service scanning 14:11:07.417 Modules scanning 14:11:07.421 Disk 0 trace - called modules: 14:11:07.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 14:11:07.441 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082c1060] 14:11:07.445 3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> [0xfffffa8007b29e40] 14:11:07.449 5 ACPI.sys[fffff88000f597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b12060] 14:11:07.745 AVAST engine scan C:\Windows 14:11:11.440 AVAST engine scan C:\Windows\system32 14:12:53.611 AVAST engine scan C:\Windows\system32\drivers 14:13:02.024 AVAST engine scan C:\Users\Michi 14:24:00.873 AVAST engine scan C:\ProgramData 14:24:53.524 Scan finished successfully 14:25:24.196 Disk 0 MBR has been saved successfully to "C:\Users\Michi\Desktop\MBR.dat" 14:25:24.202 The log file has been saved successfully to "C:\Users\Michi\Desktop\aswMBR.txt" aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-11-04 14:26:15 ----------------------------- 14:26:15.803 OS Version: Windows x64 6.1.7601 Service Pack 1 14:26:15.803 Number of processors: 4 586 0x2A07 14:26:15.804 ComputerName: MICHI-PC UserName: Michi 14:26:16.520 Initialize success 14:26:21.262 AVAST engine defs: 11110400 14:26:27.965 Disk 0 (boot) 
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:26:27.967 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3 14:26:28.054 Disk 0 MBR read successfully 14:26:28.057 Disk 0 MBR scan 14:26:28.062 Disk 0 Windows 7 default MBR code 14:26:28.079 Service scanning 14:26:29.330 Modules scanning 14:26:29.334 Disk 0 trace - called modules: 14:26:29.368 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 14:26:29.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082c1060] 14:26:29.376 3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> [0xfffffa8007b29e40] 14:26:29.380 5 ACPI.sys[fffff88000f597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b12060] 14:26:30.100 AVAST engine scan C:\Windows 14:26:41.144 AVAST engine scan C:\Windows\system32 14:28:19.952 AVAST engine scan C:\Windows\system32\drivers 14:28:28.831 AVAST engine scan C:\Users\Michi 14:36:28.511 AVAST engine scan C:\ProgramData 14:37:11.363 Scan finished successfully 14:45:24.429 Disk 0 MBR has been saved successfully to "C:\Users\Michi\Desktop\MBR.dat" 14:45:24.434 The log file has been saved successfully to "C:\Users\Michi\Desktop\aswMBR.txt"
__________________ Best regards, Michael |
04.11.2011, 15:26 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Phopiex.86016 trojan from Facebook? Having problems booting! Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Getting an additional opinion afterwards from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
13.11.2011, 14:12 | #27 |
| TR/Phopiex.86016 trojan from Facebook? Having problems booting! Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 11/11/2011 at 10:26 PM Application Version : 5.0.1134 Core Rules Database Version : 7934 Trace Rules Database Version: 5746 Scan type : Complete Scan Total Scan Time : 00:02:01 Operating System Information Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 715 Memory threats detected : 0 Registry items scanned : 71647 Registry threats detected : 0 File items scanned : 7435 File threats detected : 2 Adware.Tracking Cookie C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Cookies\YMIBEMWI.txt [ /doubleclick.net ] C:\USERS\MICHI\Cookies\YMIBEMWI.txt [ Cookie:michi@doubleclick.net/ ] Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8137 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 11.11.2011 08:11:36 mbam-log-2011-11-11 (08-11-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|K:\|) Durchsuchte Objekte: 336655 Laufzeit: 42 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden)
__________________ Best regards, Michael |
14.11.2011, 12:47 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Phopiex.86016 trojan from Facebook? Having problems booting! What about ESET?
__________________ Please always post log files in CODE tags |
14.11.2011, 21:22 | #29 |
| TR/Phopiex.86016 trojan from Facebook? Having problems booting! ESET returns the following: Code:
ATTFilter C:\_OTL\MovedFiles\11022011_220457\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application C:\_OTL\MovedFiles\11022011_220457\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
Do you perhaps have a tip? And many thanks for the great support/help in freeing my hard drives from the trojan. I can only recommend this forum!!! Really great
__________________ Best regards, Michael |
15.11.2011, 08:53 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Phopiex.86016 trojan from Facebook? Having problems booting! OK, only cookies and isolated malware (in OTL's quarantine) were found there; that is harmless. Quote:
__________________ Please always post log files in CODE tags |