| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Aus Sicherheitsgründen wurde ihr WIndows System blockiert"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.12.2011, 16:05
| #1 |
 |  "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Wie ich grad gelesen habe, bin ich wohl nicht die Einzigste mit dem Problem. Hier also meine Log Files. Ich hoffe ihr könnt mir helfen. LG Ginimo |
|
20.12.2011, 16:12
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert"Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
20.12.2011, 21:35
| #3 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" ESETSmartInstaller@High as CAB hook log:
__________________OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=eaa9370e92756745b2f73bfc406f99b5 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-20 06:36:02 # local_time=2011-12-20 07:36:02 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775166 100 100 210175 99302694 261635 0 # compatibility_mode=5892 16776573 100 100 8528 161938858 0 0 # compatibility_mode=8192 67108863 100 0 8282 8282 0 0 # scanned=1155 # found=0 # cleaned=0 # scan_time=32 esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=eaa9370e92756745b2f73bfc406f99b5 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-20 08:25:07 # local_time=2011-12-20 09:25:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775166 100 100 210325 99302844 261785 0 # compatibility_mode=5892 16776573 100 100 8678 161939008 0 0 # compatibility_mode=8192 67108863 100 0 8432 8432 0 0 # scanned=204839 # found=5 # cleaned=0 # scan_time=6427 C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-279336f9 a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\63b90e34-30b6a901 Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-5e8d1d63 a variant of Java/Agent.DT trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\ccc963b-15ddf887 probably a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I und als Anhang der von Malware |
|
20.12.2011, 22:09
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert"Zitat:
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.12.2011, 22:13
| #5 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Ich war der Meinung sie gelöscht zu haben...?! Ok, dann lass ichs nochmal durchlaufen.  Nein, ich hab keine vorhergehenden Files. Da bin ich sicher.... |
|
20.12.2011, 23:17
| #6 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Jetzt findet er nicht....!!!???  Vllt doch gelöscht? |
|
20.12.2011, 23:19
| #7 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" ahhhh!!! nee, ich hatte es in Quarantäne gepackt... Deswegen wurde wohl nichts gefunden. Hab jetzt alles gelöscht. Geändert von ginimo (20.12.2011 um 23:43 Uhr) |
|
21.12.2011, 10:00
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Mach bitte ein neues OTL-Log CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2011, 19:50
| #9 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.12.2011 19:31:36 - Run 5 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gini\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,73% Memory free 4,23 Gb Paging File | 3,90 Gb Available in Paging File | 92,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,20 Gb Total Space | 38,34 Gb Free Space | 17,33% Space Free | Partition Type: NTFS Drive D: | 11,68 Gb Total Space | 2,20 Gb Free Space | 18,84% Space Free | Partition Type: NTFS Computer Name: GINI-PC | User Name: Gini | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Gini\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HTCAND32) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (WSDScan) -- C:\WINDOWS\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV - (cdrblock) -- C:\WINDOWS\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.) DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC) DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.) DRV - (GT680x) -- C:\WINDOWS\System32\drivers\Tr11691g.sys ( ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "1und1 Suche" FF - prefs.js..browser.search.order.3: "amazon.de" FF - prefs.js..browser.search.order.4: "WEB.DE Suche" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f2063d0b000000000000001f3b1557bf&tlver=1.4.35.10&affID=100842" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Gini\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2010.12.04 19:47:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 12:08:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.11 19:02:08 | 000,000,000 | ---D | M] [2009.08.04 22:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gini\AppData\Roaming\mozilla\Extensions [2011.09.15 23:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions [2010.02.05 21:33:03 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.04.26 04:21:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.02.05 21:33:33 | 000,005,591 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\1und1-suche.xml [2010.02.05 21:33:33 | 000,001,371 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\amazonde.xml [2010.02.05 21:33:33 | 000,010,605 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\gmx-suche.xml [2010.02.05 21:33:33 | 000,005,588 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\webde-suche.xml [2011.11.11 12:08:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.11.11 03:25:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.04.06 18:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2011.04.06 18:25:37 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de [2011.11.11 12:08:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.07 20:17:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.02 19:53:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.15 22:56:44 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.10.02 19:53:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.02 19:53:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.02 19:53:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.02 19:53:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.02 19:53:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [{1DE32EDA-810C-11DE-8C71-806E6F6E6963}] C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON Stylus S20 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Facebook Update] C:\Users\Gini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [Guiobj] C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe () O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1CC96D9-7745-4F6E-A238-4D941A15E209}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF38E2E8-A3E5-432E-BFA0-EA4F3DC1DDA4}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Gini\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Gini\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\AutoRun\command - "" = 3dcs9.exe O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\open\Command - "" = 3dcs9.exe O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\AutoRun\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\open\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell - "" = AutoRun O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\G\Shell\AutoRun\command - "" = bbjl2g.exe O33 - MountPoints2\G\Shell\open\Command - "" = bbjl2g.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {57C1E4AB-0EAB-9314-7649-86BC13BBE07B} - Microsoft Windows Media Player 11.0 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F1AB6F8D-00D4-C54E-2448-B05A7D5053C4} - Browser Customizations ActiveX: {I61Q743T-6F4M-747Y-74Y6-3R07CD23P578} - C:\WINDOWS\System32\services\svchost.exe ActiveX: {L7H8870L-DK8F-60KX-6A6V-80J4A7120VX5} - C:\WINDOWS\System32\services\svchost.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.CDV5 - cdv5codc.dll File not found Drivers32: vidc.CDVC - cdvccodc.dll File not found Drivers32: vidc.CDVH - cdvhcodc.dll File not found Drivers32: vidc.CLLC - cllccodc.dll File not found Drivers32: vidc.CMIC - cmiccodc.dll File not found Drivers32: vidc.CUVC - cuvccodc.dll File not found Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: VIDC.LWLR - C:\Windows\System32\rgbacodec.dll () Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.12.20 18:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.20 16:19:47 | 000,000,000 | ---D | C] -- C:\Users\Gini\AppData\Roaming\Malwarebytes [2011.12.20 16:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.20 16:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.20 16:19:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.20 16:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.20 15:36:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gini\Desktop\OTL.exe [2011.12.15 01:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.15 01:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.14 22:02:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.14 22:02:09 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.14 22:02:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.14 22:02:04 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.14 22:02:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.14 22:01:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.14 22:01:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.14 22:01:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.14 22:01:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.14 22:01:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.12.14 22:01:49 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.12.14 22:01:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.12.14 22:01:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.12.14 22:01:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.12.14 22:01:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.14 22:01:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.12.14 22:01:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.14 22:01:47 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.12.14 22:01:47 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.12.14 22:01:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.12.14 22:01:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.12.14 22:01:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.12.14 22:01:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.12.14 22:01:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.02.07 18:11:16 | 000,017,168 | ---- | C] ( ) -- C:\Windows\System32\drivers\Tr11691g.sys ========== Files - Modified Within 30 Days ========== [2011.12.21 19:33:22 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.21 19:33:22 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.21 19:33:22 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.21 19:33:22 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.21 19:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.21 19:27:31 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.21 19:26:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 19:26:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 00:23:32 | 000,008,484 | ---- | M] () -- C:\Users\Gini\AppData\Local\d3d9caps.dat [2011.12.20 23:59:41 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.12.20 23:38:55 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011.12.20 23:37:43 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.20 18:11:52 | 000,001,689 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.20 16:19:41 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.20 15:36:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gini\Desktop\OTL.exe [2011.12.20 13:13:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0CC304BC-061E-4C38-9BEE-AE7256FC0F2A}.job [2011.12.20 02:26:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2473411955-2618269059-2716716298-1000UA.job [2011.12.19 23:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2473411955-2618269059-2716716298-1000Core.job [2011.12.18 10:14:48 | 003,761,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.16 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Gini.job [2011.12.15 01:01:57 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.13 16:34:44 | 000,023,578 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\wklnhst.dat [2011.12.08 16:01:45 | 000,117,760 | ---- | M] () -- C:\Users\Gini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.06 17:50:23 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files Created - No Company Name ========== [2011.12.20 16:19:41 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.15 01:01:57 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.10.15 00:04:15 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.09.25 19:35:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.05.24 23:09:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.02.26 10:40:09 | 000,000,000 | ---- | C] () -- C:\Windows\canopus.ini [2011.02.26 10:18:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius5db.dll [2011.02.26 10:18:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius.dll [2011.02.17 03:58:26 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2010.11.12 11:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.11.11 22:00:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.11.11 22:00:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.09.06 10:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll [2010.03.08 18:02:38 | 000,697,897 | ---- | C] () -- C:\Windows\unins000.exe [2010.03.08 18:02:38 | 000,026,018 | ---- | C] () -- C:\Windows\unins000.dat [2010.03.02 11:11:30 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.03.02 11:11:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.03.02 11:11:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.03.02 11:11:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.03.02 11:11:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.03.02 11:11:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.03.02 11:11:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.03.02 11:11:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.03.02 11:11:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.03.02 11:11:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.03.02 11:11:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.03.02 11:11:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.03.02 11:11:30 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.03.02 11:11:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.03.02 11:11:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.03.02 11:11:30 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.03.02 11:11:30 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.03.02 11:11:30 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.03.02 11:11:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.03.02 11:08:08 | 000,000,025 | ---- | C] () -- C:\Windows\CSES20.ini [2010.02.07 18:23:13 | 000,030,720 | ---- | C] () -- C:\Windows\EWhiteu12.dat [2010.02.07 18:23:13 | 000,000,004 | ---- | C] () -- C:\Windows\AErroru3.dat [2010.02.07 18:23:11 | 000,030,720 | ---- | C] () -- C:\Windows\EDarku12.dat [2010.02.07 18:23:08 | 000,000,006 | ---- | C] () -- C:\Windows\EExpou.dat [2010.02.07 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\EOffsetu.dat [2010.02.07 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\EGain6.dat [2010.02.07 18:11:16 | 000,188,416 | ---- | C] () -- C:\Windows\Ausba2.dll [2010.02.07 18:11:16 | 000,026,624 | ---- | C] () -- C:\Windows\artcomm.dll [2010.02.07 18:11:16 | 000,011,457 | ---- | C] () -- C:\Windows\Trust32.ini [2010.02.07 18:11:16 | 000,002,495 | ---- | C] () -- C:\Windows\Ausba2.INI [2009.12.25 08:51:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.12.06 16:59:45 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.12.06 16:59:44 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.23 23:43:48 | 000,008,484 | ---- | C] () -- C:\Users\Gini\AppData\Local\d3d9caps.dat [2009.09.30 16:44:39 | 000,023,578 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\wklnhst.dat [2009.08.05 02:20:13 | 000,117,760 | ---- | C] () -- C:\Users\Gini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.04 20:18:27 | 000,027,240 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\nvModes.001 [2009.08.04 20:18:26 | 000,027,240 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\nvModes.dat [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2008.04.15 20:59:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2008.04.15 20:59:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2008.04.15 20:59:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.04.15 20:50:48 | 000,001,689 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.11.26 21:18:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.11.26 21:18:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.11.26 21:18:48 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.11.26 21:18:48 | 000,125,676 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.09.05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 003,761,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.11.18 23:11:21 | 000,147,867 | -H-- | C] () -- C:\Users\Gini\AppData\Roaming\Ginilog.dat [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.17 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Adobe [2011.12.08 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Apple Computer [2011.01.27 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Avira [2011.09.15 22:56:42 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Babylon [2011.12.21 01:37:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\BitTorrent [2011.02.26 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Canopus [2011.09.08 14:50:32 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.01.13 08:07:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\CyberLink [2011.07.28 22:02:08 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DAEMON Tools Lite [2011.05.29 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DeepBurner [2010.05.31 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DivX [2009.09.09 01:08:37 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Download Manager [2011.06.13 03:45:08 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\dvdcss [2011.09.28 22:41:04 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoft [2011.01.06 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers [2009.09.01 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\EuroTalk [2010.03.28 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Facebook [2010.07.30 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\foobar2000 [2011.03.01 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\FreeFLVConverter [2009.08.09 07:14:18 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Google [2010.06.26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\GTek [2009.12.17 04:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\gtk-2.0 [2010.08.24 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Helper [2009.08.06 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Hewlett-Packard [2009.08.08 04:57:41 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\HP [2011.12.13 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\HpUpdate [2010.05.25 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\ICQ [2009.08.04 16:52:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Identities [2010.01.16 23:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InstallShield [2010.12.04 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InternetManager_Z [2009.09.08 17:45:06 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\IrfanView [2009.08.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Macromedia [2011.06.29 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\MAGIX [2011.12.20 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Media Center Programs [2009.04.11 07:27:36 | 000,000,000 | --SD | M] -- C:\Users\Gini\AppData\Roaming\Microsoft [2009.08.04 22:07:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Mozilla [2010.09.13 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\NCH Software [2010.03.05 06:42:06 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\OpenOffice.org [2011.09.25 19:35:41 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\pdfforge [2011.12.21 01:37:40 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Skype [2011.07.14 23:02:13 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\skypePM [2009.08.04 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Symantec [2010.12.04 16:54:35 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile [2010.12.04 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile Internet Manager [2011.02.17 01:48:58 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Teleca [2009.09.30 16:44:40 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Template [2010.10.24 13:27:44 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\TubeBox [2011.12.06 21:44:53 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\vlc [2009.08.05 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WildTangent [2009.08.15 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.08.25 20:54:12 | 000,000,000 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe [2010.03.28 00:22:51 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Gini\AppData\Roaming\Facebook\uninstall.exe [2011.09.08 14:43:15 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gini\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2009.04.11 07:27:36 | 000,099,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.11.26 14:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007.11.26 14:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007.11.26 14:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.08.04 18:13:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2009.08.04 18:13:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2009.08.04 18:13:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iastor.sys [2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SWSETUP\Drivers\ITM\Winall\Driver\iastor.sys [2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\drivers\iaStor.sys [2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys [2007.07.13 05:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iastor.sys [2007.07.13 05:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SWSETUP\Drivers\ITM\Winall\Driver64\iastor.sys < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.26 13:01:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\WINDOWS\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.11.26 13:01:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
21.12.2011, 20:32
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f2063d0b000000000000001f3b1557bf&tlver=1.4.35.10&affID=100842"
[2010.02.05 21:33:33 | 000,005,591 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\1und1-suche.xml
[2010.02.05 21:33:33 | 000,001,371 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\amazonde.xml
[2010.02.05 21:33:33 | 000,010,605 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\gmx-suche.xml
[2010.02.05 21:33:33 | 000,005,588 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\webde-suche.xml
[2011.04.06 18:25:37 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.09.15 22:56:44 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{1DE32EDA-810C-11DE-8C71-806E6F6E6963}] C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKCU..\Run: [Guiobj] C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\AutoRun\command - "" = 3dcs9.exe
O33 - MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\Shell\open\Command - "" = 3dcs9.exe
O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\AutoRun\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\Shell\open\command - "" = F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell - "" = AutoRun
O33 - MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = bbjl2g.exe
O33 - MountPoints2\G\Shell\open\Command - "" = bbjl2g.exe
:Files
C:\Users\Gini\AppData\Roaming\Babylon
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2011, 20:44
| #11 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" All processes killed ========== OTL ========== Prefs.js: "WEB.DE Suche" removed from browser.search.defaultenginename Prefs.js: "GMX Suche" removed from browser.search.order.1 Prefs.js: "1und1 Suche" removed from browser.search.order.2 Prefs.js: "amazon.de" removed from browser.search.order.3 Prefs.js: "WEB.DE Suche" removed from browser.search.order.4 Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr Prefs.js: ff-bmboc@bytemobile.com:4.2.2 removed from extensions.enabledItems Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f2063d0b000000000000001f3b1557bf&tlver=1.4.35.10&affID=100842" removed from keyword.URL C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\1und1-suche.xml moved successfully. C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\amazonde.xml moved successfully. C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\gmx-suche.xml moved successfully. C:\Users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\searchplugins\webde-suche.xml moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully. C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{1DE32EDA-810C-11DE-8C71-806E6F6E6963} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DE32EDA-810C-11DE-8C71-806E6F6E6963}\ not found. C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully. C:\Users\Gini\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Getdo deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Guiobj deleted successfully. C:\Users\Gini\AppData\Roaming\Adobe\Update\forvid.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. D:\AUTOMODE moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4afcf6e2-4051-11df-9748-001e37e47c73}\ not found. File 3dcs9.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4afcf6e2-4051-11df-9748-001e37e47c73}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4afcf6e2-4051-11df-9748-001e37e47c73}\ not found. File 3dcs9.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64270003-a4be-11de-834d-001e37e47c73}\ not found. File F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64270003-a4be-11de-834d-001e37e47c73}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64270003-a4be-11de-834d-001e37e47c73}\ not found. File F:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8897a9f-b8e5-11e0-b4d1-001e37e47c73}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. File bbjl2g.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File bbjl2g.exe not found. ========== FILES ========== C:\Users\Gini\AppData\Roaming\Babylon folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gini ->Temp folder emptied: 70751883 bytes ->Temporary Internet Files folder emptied: 24815255 bytes ->Java cache emptied: 1262450 bytes ->FireFox cache emptied: 44019332 bytes ->Flash cache emptied: 60988 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9978511 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 144,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 12212011_203844 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
21.12.2011, 21:01
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2011, 21:15
| #13 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" 21:11:06.0814 4560 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 21:11:06.0898 4560 ============================================================ 21:11:06.0898 4560 Current date / time: 2011/12/21 21:11:06.0898 21:11:06.0898 4560 SystemInfo: 21:11:06.0898 4560 21:11:06.0898 4560 OS Version: 6.0.6002 ServicePack: 2.0 21:11:06.0898 4560 Product type: Workstation 21:11:06.0899 4560 ComputerName: GINI-PC 21:11:06.0899 4560 UserName: Gini 21:11:06.0899 4560 Windows directory: C:\Windows 21:11:06.0899 4560 System windows directory: C:\Windows 21:11:06.0899 4560 Processor architecture: Intel x86 21:11:06.0899 4560 Number of processors: 2 21:11:06.0899 4560 Page size: 0x1000 21:11:06.0899 4560 Boot type: Normal boot 21:11:06.0899 4560 ============================================================ 21:11:08.0006 4560 Initialize success 21:12:38.0572 4660 ============================================================ 21:12:38.0572 4660 Scan started 21:12:38.0572 4660 Mode: Manual; SigCheck; TDLFS; 21:12:38.0572 4660 ============================================================ 21:12:42.0508 4660 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 21:12:42.0610 4660 ACPI - ok 21:12:42.0795 4660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 21:12:42.0858 4660 adp94xx - ok 21:12:43.0171 4660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 21:12:43.0230 4660 adpahci - ok 21:12:43.0374 4660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 21:12:43.0428 4660 adpu160m - ok 21:12:43.0657 4660 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 21:12:43.0731 4660 adpu320 - ok 21:12:43.0983 4660 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 21:12:44.0137 4660 AFD - ok 21:12:44.0358 4660 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 21:12:44.0423 4660 agp440 - ok 21:12:44.0675 4660 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 21:12:44.0739 4660 aic78xx - ok 21:12:44.0957 4660 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys 21:12:45.0237 4660 aksfridge - ok 21:12:45.0394 4660 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 21:12:45.0451 4660 aliide - ok 21:12:45.0642 4660 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 21:12:45.0730 4660 amdagp - ok 21:12:45.0904 4660 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 21:12:45.0966 4660 amdide - ok 21:12:46.0172 4660 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 21:12:46.0403 4660 AmdK7 - ok 21:12:46.0567 4660 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 21:12:46.0660 4660 AmdK8 - ok 21:12:46.0870 4660 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 21:12:46.0921 4660 arc - ok 21:12:47.0084 4660 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 21:12:47.0139 4660 arcsas - ok 21:12:47.0329 4660 as6eio - ok 21:12:47.0412 4660 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 21:12:47.0624 4660 AsyncMac - ok 21:12:47.0869 4660 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 21:12:47.0904 4660 atapi - ok 21:12:48.0059 4660 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 21:12:48.0174 4660 avgio - ok 21:12:48.0332 4660 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 21:12:48.0408 4660 avgntflt - ok 21:12:48.0696 4660 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 21:12:48.0740 4660 avipbb - ok 21:12:49.0085 4660 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys 21:12:49.0281 4660 BCM43XV - ok 21:12:49.0483 4660 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 21:12:49.0606 4660 Beep - ok 21:12:49.0785 4660 blbdrive - ok 21:12:49.0963 4660 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys 21:12:50.0026 4660 BMLoad ( UnsignedFile.Multi.Generic ) - warning 21:12:50.0026 4660 BMLoad - detected UnsignedFile.Multi.Generic (1) 21:12:50.0294 4660 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 21:12:50.0410 4660 bowser - ok 21:12:50.0724 4660 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 21:12:50.0911 4660 BrFiltLo - ok 21:12:51.0025 4660 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 21:12:51.0155 4660 BrFiltUp - ok 21:12:51.0292 4660 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 21:12:51.0452 4660 Brserid - ok 21:12:51.0570 4660 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 21:12:51.0687 4660 BrSerWdm - ok 21:12:51.0831 4660 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 21:12:51.0930 4660 BrUsbMdm - ok 21:12:52.0040 4660 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 21:12:52.0115 4660 BrUsbSer - ok 21:12:52.0193 4660 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 21:12:52.0304 4660 BthEnum - ok 21:12:52.0444 4660 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 21:12:52.0568 4660 BTHMODEM - ok 21:12:52.0727 4660 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 21:12:52.0820 4660 BthPan - ok 21:12:52.0990 4660 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 21:12:53.0100 4660 BTHPORT - ok 21:12:53.0228 4660 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 21:12:53.0318 4660 BTHUSB - ok 21:12:53.0486 4660 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys 21:12:53.0539 4660 btwaudio - ok 21:12:53.0672 4660 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys 21:12:53.0725 4660 btwavdt - ok 21:12:53.0762 4660 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys 21:12:53.0810 4660 btwrchid - ok 21:12:53.0930 4660 CA561 - ok 21:12:54.0004 4660 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 21:12:54.0129 4660 cdfs - ok 21:12:54.0257 4660 cdrblock (15e3e2920adac7450e0c7ae5f23a5f53) C:\Windows\system32\DRIVERS\cdrblock.sys 21:12:54.0310 4660 cdrblock - ok 21:12:54.0420 4660 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 21:12:54.0537 4660 cdrom - ok 21:12:54.0651 4660 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 21:12:54.0805 4660 circlass - ok 21:12:54.0890 4660 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 21:12:54.0968 4660 CLFS - ok 21:12:55.0120 4660 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 21:12:55.0237 4660 CmBatt - ok 21:12:55.0290 4660 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 21:12:55.0335 4660 cmdide - ok 21:12:55.0484 4660 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 21:12:55.0542 4660 Compbatt - ok 21:12:55.0589 4660 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 21:12:55.0646 4660 crcdisk - ok 21:12:55.0749 4660 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 21:12:55.0909 4660 Crusoe - ok 21:12:56.0015 4660 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 21:12:56.0128 4660 DfsC - ok 21:12:56.0338 4660 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 21:12:56.0408 4660 disk - ok 21:12:56.0581 4660 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 21:12:56.0691 4660 drmkaud - ok 21:12:56.0894 4660 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 21:12:56.0957 4660 dtsoftbus01 - ok 21:12:57.0068 4660 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 21:12:57.0096 4660 DXGKrnl - ok 21:12:57.0263 4660 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys 21:12:57.0372 4660 E100B - ok 21:12:57.0489 4660 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 21:12:57.0603 4660 E1G60 - ok 21:12:57.0763 4660 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 21:12:57.0810 4660 Ecache - ok 21:12:57.0874 4660 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 21:12:57.0928 4660 elxstor - ok 21:12:58.0107 4660 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 21:12:58.0202 4660 exfat - ok 21:12:58.0381 4660 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 21:12:58.0492 4660 fastfat - ok 21:12:58.0652 4660 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 21:12:58.0824 4660 fdc - ok 21:12:58.0985 4660 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 21:12:59.0022 4660 FileInfo - ok 21:12:59.0075 4660 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 21:12:59.0167 4660 Filetrace - ok 21:12:59.0330 4660 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 21:12:59.0409 4660 flpydisk - ok 21:12:59.0548 4660 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 21:12:59.0596 4660 FltMgr - ok 21:12:59.0765 4660 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 21:12:59.0823 4660 Fs_Rec - ok 21:12:59.0857 4660 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 21:12:59.0899 4660 gagp30kx - ok 21:13:00.0058 4660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:13:00.0104 4660 GEARAspiWDM - ok 21:13:00.0155 4660 GT680x (2c82b2b948cd8cef370d820178bc821c) C:\Windows\system32\Drivers\Tr11691g.SYS 21:13:00.0220 4660 GT680x ( UnsignedFile.Multi.Generic ) - warning 21:13:00.0220 4660 GT680x - detected UnsignedFile.Multi.Generic (1) 21:13:00.0365 4660 Hardlock (2a2448dd47208722c0cf3665687ae9f6) C:\Windows\system32\drivers\hardlock.sys 21:13:00.0535 4660 Hardlock - ok 21:13:00.0691 4660 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 21:13:00.0863 4660 HdAudAddService - ok 21:13:00.0996 4660 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:13:01.0092 4660 HDAudBus - ok 21:13:01.0135 4660 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 21:13:01.0298 4660 HidBth - ok 21:13:01.0424 4660 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 21:13:01.0477 4660 HidIr - ok 21:13:01.0566 4660 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 21:13:01.0643 4660 HidUsb - ok 21:13:01.0769 4660 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 21:13:01.0800 4660 HpCISSs - ok 21:13:01.0854 4660 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 21:13:01.0922 4660 HpqKbFiltr - ok 21:13:02.0077 4660 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys 21:13:02.0121 4660 HpqRemHid - ok 21:13:02.0266 4660 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 21:13:02.0348 4660 HSFHWAZL - ok 21:13:02.0407 4660 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 21:13:02.0563 4660 HSF_DPV - ok 21:13:02.0761 4660 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys 21:13:02.0832 4660 HTCAND32 - ok 21:13:02.0905 4660 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 21:13:03.0019 4660 HTTP - ok 21:13:03.0204 4660 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 21:13:03.0248 4660 i2omp - ok 21:13:03.0406 4660 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 21:13:03.0491 4660 i8042prt - ok 21:13:03.0673 4660 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys 21:13:03.0865 4660 ialm - ok 21:13:03.0963 4660 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys 21:13:03.0982 4660 iaStor - ok 21:13:04.0022 4660 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 21:13:04.0085 4660 iaStorV - ok 21:13:04.0233 4660 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 21:13:04.0268 4660 iirsp - ok 21:13:04.0457 4660 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys 21:13:04.0544 4660 IntcAzAudAddService - ok 21:13:04.0716 4660 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 21:13:04.0774 4660 intelide - ok 21:13:04.0991 4660 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 21:13:05.0032 4660 intelppm - ok 21:13:05.0205 4660 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:13:05.0303 4660 IpFilterDriver - ok 21:13:05.0396 4660 IpInIp - ok 21:13:05.0438 4660 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 21:13:05.0518 4660 IPMIDRV - ok 21:13:05.0643 4660 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 21:13:05.0705 4660 IPNAT - ok 21:13:05.0905 4660 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 21:13:06.0003 4660 IRENUM - ok 21:13:06.0116 4660 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 21:13:06.0170 4660 isapnp - ok 21:13:06.0337 4660 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 21:13:06.0372 4660 iScsiPrt - ok 21:13:06.0417 4660 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 21:13:06.0465 4660 iteatapi - ok 21:13:06.0589 4660 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 21:13:06.0645 4660 iteraid - ok 21:13:06.0695 4660 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:13:06.0759 4660 kbdclass - ok 21:13:06.0905 4660 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 21:13:07.0029 4660 kbdhid - ok 21:13:07.0150 4660 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 21:13:07.0210 4660 KSecDD - ok 21:13:07.0379 4660 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 21:13:07.0453 4660 lltdio - ok 21:13:07.0508 4660 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 21:13:07.0523 4660 LSI_FC - ok 21:13:07.0657 4660 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 21:13:07.0672 4660 LSI_SAS - ok 21:13:07.0725 4660 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 21:13:07.0774 4660 LSI_SCSI - ok 21:13:07.0929 4660 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 21:13:08.0031 4660 luafv - ok 21:13:08.0158 4660 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys 21:13:08.0241 4660 massfilter - ok 21:13:08.0378 4660 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys 21:13:08.0429 4660 MBAMProtector - ok 21:13:08.0577 4660 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 21:13:08.0625 4660 megasas - ok 21:13:08.0681 4660 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 21:13:08.0779 4660 Modem - ok 21:13:08.0956 4660 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 21:13:08.0996 4660 monitor - ok 21:13:09.0111 4660 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 21:13:09.0149 4660 mouclass - ok 21:13:09.0199 4660 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 21:13:09.0249 4660 mouhid - ok 21:13:09.0369 4660 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 21:13:09.0384 4660 MountMgr - ok 21:13:09.0474 4660 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 21:13:09.0516 4660 mpio - ok 21:13:09.0659 4660 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 21:13:09.0741 4660 mpsdrv - ok 21:13:09.0877 4660 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 21:13:09.0917 4660 Mraid35x - ok 21:13:09.0966 4660 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 21:13:10.0061 4660 MRxDAV - ok 21:13:10.0169 4660 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:13:10.0273 4660 mrxsmb - ok 21:13:10.0381 4660 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:13:10.0480 4660 mrxsmb10 - ok 21:13:10.0612 4660 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:13:10.0717 4660 mrxsmb20 - ok 21:13:10.0843 4660 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 21:13:10.0899 4660 msahci - ok 21:13:10.0936 4660 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 21:13:11.0004 4660 msdsm - ok 21:13:11.0155 4660 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 21:13:11.0257 4660 Msfs - ok 21:13:11.0386 4660 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 21:13:11.0420 4660 msisadrv - ok 21:13:11.0510 4660 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 21:13:11.0535 4660 MSKSSRV - ok 21:13:11.0679 4660 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 21:13:11.0726 4660 MSPCLOCK - ok 21:13:11.0800 4660 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 21:13:11.0854 4660 MSPQM - ok 21:13:11.0981 4660 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 21:13:12.0049 4660 MsRPC - ok 21:13:12.0179 4660 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 21:13:12.0192 4660 mssmbios - ok 21:13:12.0246 4660 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 21:13:12.0300 4660 MSTEE - ok 21:13:12.0431 4660 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 21:13:12.0484 4660 Mup - ok 21:13:12.0591 4660 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 21:13:12.0674 4660 NativeWifiP - ok 21:13:12.0879 4660 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 21:13:12.0931 4660 NDIS - ok 21:13:13.0067 4660 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 21:13:13.0172 4660 NdisTapi - ok 21:13:13.0300 4660 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 21:13:13.0386 4660 Ndisuio - ok 21:13:13.0438 4660 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:13:13.0517 4660 NdisWan - ok 21:13:13.0642 4660 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 21:13:13.0715 4660 NDProxy - ok 21:13:13.0857 4660 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 21:13:13.0916 4660 NetBIOS - ok 21:13:13.0966 4660 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 21:13:14.0060 4660 netbt - ok 21:13:14.0254 4660 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys 21:13:14.0462 4660 NETw4v32 - ok 21:13:14.0594 4660 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 21:13:14.0639 4660 nfrd960 - ok 21:13:14.0748 4660 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 21:13:14.0834 4660 Npfs - ok 21:13:14.0925 4660 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 21:13:14.0969 4660 nsiproxy - ok 21:13:15.0092 4660 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 21:13:15.0207 4660 Ntfs - ok 21:13:15.0324 4660 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 21:13:15.0441 4660 ntrigdigi - ok 21:13:15.0556 4660 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 21:13:15.0653 4660 Null - ok 21:13:16.0051 4660 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:13:16.0993 4660 nvlddmkm - ok 21:13:17.0111 4660 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 21:13:17.0131 4660 nvraid - ok 21:13:17.0167 4660 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 21:13:17.0203 4660 nvstor - ok 21:13:17.0332 4660 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 21:13:17.0352 4660 nv_agp - ok 21:13:17.0362 4660 NwlnkFlt - ok 21:13:17.0373 4660 NwlnkFwd - ok 21:13:17.0444 4660 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 21:13:17.0483 4660 ohci1394 - ok 21:13:17.0633 4660 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 21:13:17.0773 4660 Parport - ok 21:13:17.0901 4660 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 21:13:17.0966 4660 partmgr - ok 21:13:18.0025 4660 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 21:13:18.0113 4660 Parvdm - ok 21:13:18.0256 4660 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 21:13:18.0268 4660 pci - ok 21:13:18.0309 4660 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 21:13:18.0343 4660 pciide - ok 21:13:18.0445 4660 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 21:13:18.0463 4660 pcmcia - ok 21:13:18.0546 4660 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 21:13:18.0653 4660 PEAUTH - ok 21:13:18.0797 4660 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 21:13:18.0879 4660 PptpMiniport - ok 21:13:18.0922 4660 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 21:13:19.0032 4660 Processor - ok 21:13:19.0193 4660 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 21:13:19.0243 4660 PSched - ok 21:13:19.0397 4660 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 21:13:19.0481 4660 ql2300 - ok 21:13:19.0594 4660 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 21:13:19.0639 4660 ql40xx - ok 21:13:19.0691 4660 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 21:13:19.0744 4660 QWAVEdrv - ok 21:13:19.0912 4660 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 21:13:20.0018 4660 RasAcd - ok 21:13:20.0152 4660 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:13:20.0253 4660 Rasl2tp - ok 21:13:20.0324 4660 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 21:13:20.0397 4660 RasPppoe - ok 21:13:20.0492 4660 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 21:13:20.0545 4660 RasSstp - ok 21:13:20.0619 4660 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 21:13:20.0715 4660 rdbss - ok 21:13:20.0863 4660 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:13:20.0937 4660 RDPCDD - ok 21:13:21.0015 4660 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 21:13:21.0191 4660 rdpdr - ok 21:13:21.0288 4660 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 21:13:21.0381 4660 RDPENCDD - ok 21:13:21.0492 4660 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 21:13:21.0542 4660 RDPWD - ok 21:13:21.0656 4660 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 21:13:21.0695 4660 RFCOMM - ok 21:13:21.0795 4660 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 21:13:21.0870 4660 rimmptsk - ok 21:13:21.0940 4660 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 21:13:22.0031 4660 rimsptsk - ok 21:13:22.0165 4660 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 21:13:22.0219 4660 rismxdp - ok 21:13:22.0379 4660 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 21:13:22.0427 4660 rspndr - ok 21:13:22.0552 4660 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys 21:13:22.0675 4660 RTL8169 - ok 21:13:22.0773 4660 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 21:13:22.0827 4660 sbp2port - ok 21:13:22.0926 4660 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 21:13:23.0011 4660 sdbus - ok 21:13:23.0106 4660 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:13:23.0236 4660 secdrv - ok 21:13:23.0363 4660 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 21:13:23.0455 4660 Serenum - ok 21:13:23.0568 4660 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 21:13:23.0667 4660 Serial - ok 21:13:23.0789 4660 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 21:13:23.0867 4660 sermouse - ok 21:13:24.0008 4660 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 21:13:24.0048 4660 sffdisk - ok 21:13:24.0087 4660 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 21:13:24.0187 4660 sffp_mmc - ok 21:13:24.0365 4660 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:13:24.0403 4660 sffp_sd - ok 21:13:24.0502 4660 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 21:13:24.0581 4660 sfloppy - ok 21:13:24.0648 4660 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 21:13:24.0691 4660 sisagp - ok 21:13:24.0814 4660 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 21:13:24.0856 4660 SiSRaid2 - ok 21:13:24.0914 4660 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 21:13:24.0958 4660 SiSRaid4 - ok 21:13:25.0109 4660 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 21:13:25.0216 4660 Smb - ok 21:13:25.0346 4660 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\Windows\system32\DRIVERS\smserial.sys 21:13:25.0520 4660 smserial - ok 21:13:25.0676 4660 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 21:13:25.0710 4660 spldr - ok 21:13:25.0773 4660 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 21:13:25.0856 4660 srv - ok 21:13:25.0957 4660 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 21:13:26.0083 4660 srv2 - ok 21:13:26.0208 4660 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 21:13:26.0245 4660 srvnet - ok 21:13:26.0315 4660 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 21:13:26.0350 4660 ssmdrv - ok 21:13:26.0454 4660 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 21:13:26.0491 4660 swenum - ok 21:13:26.0577 4660 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 21:13:26.0607 4660 Symc8xx - ok 21:13:26.0652 4660 SymIMMP - ok 21:13:26.0683 4660 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 21:13:26.0721 4660 Sym_hi - ok 21:13:26.0799 4660 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 21:13:26.0816 4660 Sym_u3 - ok 21:13:26.0867 4660 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys 21:13:26.0918 4660 SynTP - ok 21:13:27.0101 4660 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 21:13:27.0194 4660 Tcpip - ok 21:13:27.0392 4660 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 21:13:27.0473 4660 Tcpip6 - ok 21:13:27.0616 4660 tcpipBM (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys 21:13:27.0680 4660 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 21:13:27.0680 4660 tcpipBM - detected UnsignedFile.Multi.Generic (1) 21:13:27.0778 4660 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 21:13:27.0880 4660 tcpipreg - ok 21:13:27.0988 4660 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 21:13:28.0057 4660 TDPIPE - ok 21:13:28.0082 4660 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 21:13:28.0130 4660 TDTCP - ok 21:13:28.0266 4660 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 21:13:28.0339 4660 tdx - ok 21:13:28.0396 4660 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 21:13:28.0446 4660 TermDD - ok 21:13:28.0581 4660 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:13:28.0673 4660 tssecsrv - ok 21:13:28.0820 4660 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 21:13:28.0862 4660 tunmp - ok 21:13:28.0993 4660 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 21:13:29.0055 4660 tunnel - ok 21:13:29.0094 4660 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 21:13:29.0140 4660 uagp35 - ok 21:13:29.0292 4660 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 21:13:29.0320 4660 udfs - ok 21:13:29.0381 4660 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 21:13:29.0411 4660 uliagpkx - ok 21:13:29.0517 4660 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 21:13:29.0561 4660 uliahci - ok 21:13:29.0611 4660 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 21:13:29.0665 4660 UlSata - ok 21:13:29.0766 4660 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 21:13:29.0793 4660 ulsata2 - ok 21:13:29.0847 4660 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 21:13:29.0941 4660 umbus - ok 21:13:30.0128 4660 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 21:13:30.0227 4660 USBAAPL - ok 21:13:30.0364 4660 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 21:13:30.0438 4660 usbccgp - ok 21:13:30.0541 4660 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 21:13:30.0640 4660 usbcir - ok 21:13:30.0781 4660 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 21:13:30.0855 4660 usbehci - ok 21:13:30.0920 4660 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 21:13:31.0003 4660 usbhub - ok 21:13:31.0103 4660 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 21:13:31.0209 4660 usbohci - ok 21:13:31.0256 4660 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 21:13:31.0359 4660 usbprint - ok 21:13:31.0489 4660 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 21:13:31.0541 4660 usbscan - ok 21:13:31.0582 4660 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:13:31.0683 4660 USBSTOR - ok 21:13:31.0804 4660 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 21:13:31.0900 4660 usbuhci - ok 21:13:32.0081 4660 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 21:13:32.0197 4660 usbvideo - ok 21:13:32.0332 4660 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys 21:13:32.0409 4660 usb_rndisx - ok 21:13:32.0553 4660 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 21:13:32.0628 4660 vga - ok 21:13:32.0677 4660 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 21:13:32.0763 4660 VgaSave - ok 21:13:32.0885 4660 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 21:13:32.0908 4660 viaagp - ok 21:13:32.0942 4660 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 21:13:33.0107 4660 ViaC7 - ok 21:13:33.0223 4660 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 21:13:33.0266 4660 viaide - ok 21:13:33.0312 4660 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 21:13:33.0373 4660 volmgr - ok 21:13:33.0499 4660 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 21:13:33.0544 4660 volmgrx - ok 21:13:33.0590 4660 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 21:13:33.0611 4660 volsnap - ok 21:13:33.0749 4660 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 21:13:33.0793 4660 vsmraid - ok 21:13:33.0833 4660 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 21:13:33.0920 4660 WacomPen - ok 21:13:34.0032 4660 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:13:34.0116 4660 Wanarp - ok 21:13:34.0120 4660 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 21:13:34.0145 4660 Wanarpv6 - ok 21:13:34.0200 4660 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 21:13:34.0234 4660 Wd - ok 21:13:34.0363 4660 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 21:13:34.0437 4660 Wdf01000 - ok 21:13:34.0606 4660 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 21:13:34.0703 4660 winachsf - ok 21:13:34.0875 4660 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 21:13:34.0958 4660 winusb - ok 21:13:35.0090 4660 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:13:35.0153 4660 WmiAcpi - ok 21:13:35.0342 4660 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 21:13:35.0491 4660 WpdUsb - ok 21:13:35.0619 4660 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 21:13:35.0734 4660 ws2ifsl - ok 21:13:35.0888 4660 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys 21:13:35.0958 4660 WSDPrintDevice - ok 21:13:36.0060 4660 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys 21:13:36.0133 4660 WSDScan - ok 21:13:36.0247 4660 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:13:36.0349 4660 WUDFRd - ok 21:13:36.0470 4660 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 21:13:36.0572 4660 ZTEusbmdm6k - ok 21:13:36.0631 4660 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 21:13:36.0647 4660 ZTEusbnmea - ok 21:13:36.0732 4660 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 21:13:36.0748 4660 ZTEusbser6k - ok 21:13:36.0797 4660 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0 21:13:37.0560 4660 \Device\Harddisk0\DR0 - ok 21:13:37.0565 4660 Boot (0x1200) (ded8f0cbff98bc813ae9fd22a5eee9b1) \Device\Harddisk0\DR0\Partition0 21:13:37.0568 4660 \Device\Harddisk0\DR0\Partition0 - ok 21:13:37.0627 4660 Boot (0x1200) (6b5b1302ec484030ce305201feee8dd9) \Device\Harddisk0\DR0\Partition1 21:13:37.0628 4660 \Device\Harddisk0\DR0\Partition1 - ok 21:13:37.0629 4660 ============================================================ 21:13:37.0629 4660 Scan finished 21:13:37.0629 4660 ============================================================ 21:13:37.0645 0532 Detected object count: 3 21:13:37.0645 0532 Actual detected object count: 3 21:13:57.0301 0532 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:57.0302 0532 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:57.0303 0532 GT680x ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:57.0303 0532 GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:57.0304 0532 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:57.0304 0532 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
21.12.2011, 21:17
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2011, 21:55
| #15 |
| | "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" Ich hatte anfangs Probleme ComboFix zum laufen zu bringen. Es schloss sich immer wieder das Fenster und dann passierte nichts. Wie als könne die Anwendung nicht ausgeführt werden. Hat dann aber nach mehrmaligen probieren doch geklappt. Hoffe dass hat keine Auswirkung?  Combofix Logfile: Code:
ATTFilter ComboFix 11-12-21.02 - Gini 21.12.2011 21:37:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.941 [GMT 1:00]
ausgeführt von:: c:\users\Gini\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gini\AppData\Roaming\Adobe\Update\flacor.dat
c:\users\Gini\AppData\Roaming\Ginilog.dat
c:\users\Gini\AppData\Roaming\Microsoft\Windows\Recent\www.torrent.to - Die besten und schnellsten Bit Torrent Downloads im Netz.url
c:\windows\IsUn0407.exe
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-21 bis 2011-12-21 ))))))))))))))))))))))))))))))
.
.
2011-12-21 20:46 . 2011-12-21 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 19:40 . 2011-12-21 19:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9F16002-52FB-4AD4-A944-831143BB1EE8}\offreg.dll
2011-12-21 19:38 . 2011-12-21 19:38 -------- d-----w- C:\_OTL
2011-12-20 17:17 . 2011-12-20 17:17 -------- d-----w- c:\program files\ESET
2011-12-20 15:19 . 2011-12-20 15:19 -------- d-----w- c:\users\Gini\AppData\Roaming\Malwarebytes
2011-12-20 15:19 . 2011-12-20 15:19 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 15:19 . 2011-12-20 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 15:19 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 11:40 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9F16002-52FB-4AD4-A944-831143BB1EE8}\mpengine.dll
2011-12-15 00:01 . 2011-12-15 00:01 -------- d-----w- c:\program files\iPod
2011-12-14 21:02 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 21:02 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 21:02 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 21:02 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 21:02 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 21:02 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 16:50 . 2009-10-04 23:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-28 19:09 . 2011-06-28 09:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-11 11:08 . 2011-04-06 17:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
MCtlSvc.lnk - c:\program files\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2010-12-4 89600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-11-24 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 13184]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2008-05-30 27704]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 20499141
*Deregistered* - 20499141
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-21 c:\windows\Tasks\User_Feed_Synchronization-{0CC304BC-061E-4C38-9BEE-AE7256FC0F2A}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Gini\AppData\Roaming\Mozilla\Firefox\Profiles\rme4ooak.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Zanzarah - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-21 21:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-21 21:49:52
ComboFix-quarantined-files.txt 2011-12-21 20:49
.
Vor Suchlauf: 14 Verzeichnis(se), 39.006.285.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 38.958.735.360 Bytes frei
.
- - End Of File - - 4E87811B3F1893BB73503EDAD0245CE5
|
|
| Themen zu "Aus Sicherheitsgründen wurde ihr WIndows System blockiert" |
| aus sicherheitsgründen, blockiert, hoffe, log, sicherheitsgründe, sicherheitsgründen, system, system blockiert, windows, windows system, windows system blockiert, wurde ihr |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
