| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: achtung windowssyset wurde blockiert - bezahlen und runterladenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.12.2011, 10:45
| #1 |
| |  achtung windowssyset wurde blockiert - bezahlen und runterladen Guten Tag, wie soviele hats auch mich erwischt! Was ich bisher gemacht habe: - windows 7 (64bit) im abgesicherten modus mit eingabeauforderung gestartet - mit otl.exe einen quickscan durch geführt - den log (otl.txt) ist unten in der textbox und die extras.txt im anhang schon im Voraus ein ganz grosses DANKESCHÖN für eure Hilfe!!! Code:
ATTFilter OTL logfile created on: 23.12.2011 10:12:50 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = E:\ 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,06% Memory free 7,58 Gb Paging File | 6,80 Gb Available in Paging File | 89,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 23,28 Gb Free Space | 31,24% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 94,80 Gb Free Space | 46,47% Space Free | Partition Type: NTFS Drive E: | 7,44 Gb Total Space | 7,43 Gb Free Space | 99,91% Space Free | Partition Type: FAT32 Computer Name: LUZIUS-PC | User Name: Luzius | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.23 09:47:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.12.08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.06 22:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.13 06:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV - [2011.06.30 22:10:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 11:16:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.16 12:16:08 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.03.27 16:34:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.22 21:55:24 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.07.31 05:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.07.13 06:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.30 22:10:13 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.30 22:10:13 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.08.16 12:02:50 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2010.07.21 15:45:16 | 000,130,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.04.19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.04 10:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.26 09:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.02.02 23:38:29 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009.12.28 07:16:45 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.12.17 03:42:07 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.06 22:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.29 04:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2009.07.29 02:38:00 | 000,058,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2009.07.24 19:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.08 05:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2009.06.19 18:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2009.06.19 17:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2009.06.17 20:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.12.08 16:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/" FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {d166ee2a-36bb-4f33-aff7-e85f912df509}:0.4.1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2 FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010.07.16 07:20:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.14 00:43:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.01 15:17:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.01 15:17:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010.07.16 07:20:05 | 000,000,000 | ---D | M] [2010.09.19 13:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luzius\AppData\Roaming\mozilla\Extensions [2010.09.19 13:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luzius\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.20 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luzius\AppData\Roaming\mozilla\Firefox\Profiles\josqb3kg.default\extensions [2010.09.19 14:18:51 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Luzius\AppData\Roaming\mozilla\Firefox\Profiles\josqb3kg.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2011.09.13 22:01:52 | 000,000,000 | ---D | M] (LiveClick) -- C:\Users\Luzius\AppData\Roaming\mozilla\Firefox\Profiles\josqb3kg.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509} [2011.12.14 00:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\LUZIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JOSQB3KG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\LUZIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JOSQB3KG.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI () (No name found) -- C:\USERS\LUZIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JOSQB3KG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2011.12.14 00:43:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 16:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2011.10.13 16:38:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.13 16:38:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.13 16:38:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.13 16:38:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.13 16:38:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.13 16:38:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [{4A93F001-909B-11DF-BA35-806E6F6E6963}] C:\Users\Luzius\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe File not found O4 - Startup: C:\Users\Luzius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Luzius\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.87.140.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7A1956-C1BC-4AD5-9F9F-7A590CE235A4}: DhcpNameServer = 147.87.140.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D550DF90-04C3-45C1-A3F9-F2C77D4B9C5F}: DhcpNameServer = 213.55.128.1 213.55.128.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.22 23:21:29 | 000,000,000 | ---D | C] -- C:\Users\Luzius\Desktop\2001 dezember_ mit antje im schwarzeburgerland [2011.12.22 22:38:31 | 000,000,000 | R--D | C] -- C:\Users\Luzius\Contacts [2011.12.22 21:12:54 | 000,000,000 | ---D | C] -- C:\Users\Luzius\Desktop\other [2011.12.22 21:00:59 | 000,000,000 | ---D | C] -- C:\Users\Luzius\Desktop\photo auswahl [2011.12.22 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\Luzius\AppData\Roaming\DiskAid [2011.12.22 20:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid [2011.12.22 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA [2011.12.22 20:55:04 | 007,783,424 | ---- | C] (i-Funbox.com) -- C:\Users\Luzius\Desktop\iFunBox.exe [2011.12.20 22:17:58 | 000,000,000 | ---D | C] -- C:\Users\Luzius\.jenny [2011.12.20 21:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.12.13 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\Luzius\Desktop\auswahl [2011.12.05 15:40:03 | 000,000,000 | ---D | C] -- C:\Users\Luzius\AppData\Roaming\Mp3tag [2011.12.05 15:39:13 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2011.12.05 15:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2011.12.04 23:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.04 23:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.04 23:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.12.04 23:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.04 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.12.04 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.11.29 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Luzius\Desktop\reise ========== Files - Modified Within 30 Days ========== [2011.12.23 10:09:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.23 10:09:07 | 3054,522,368 | -HS- | M] () -- C:\hiberfil.sys [2011.12.23 09:59:24 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.23 09:59:24 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.23 00:43:28 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.23 00:43:28 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.23 00:43:28 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.23 00:43:28 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.23 00:43:28 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.23 00:23:48 | 000,002,030 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011.12.23 00:13:02 | 000,420,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.22 20:58:52 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk [2011.12.22 20:58:35 | 000,000,218 | ---- | M] () -- C:\Users\Luzius\.recently-used.xbel [2011.12.20 23:49:55 | 000,011,250 | ---- | M] () -- C:\Users\Luzius\Desktop\BirdsNest_deu_subtitles-de.sub [2011.12.20 22:07:50 | 013,957,598 | ---- | M] () -- C:\Users\Luzius\g3073.png [2011.12.14 22:07:05 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.12.06 14:51:42 | 007,783,424 | ---- | M] (i-Funbox.com) -- C:\Users\Luzius\Desktop\iFunBox.exe ========== Files Created - No Company Name ========== [2011.12.22 20:58:52 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk [2011.12.22 20:58:35 | 000,000,218 | ---- | C] () -- C:\Users\Luzius\.recently-used.xbel [2011.12.20 23:49:54 | 000,011,250 | ---- | C] () -- C:\Users\Luzius\Desktop\BirdsNest_deu_subtitles-de.sub [2011.12.20 22:07:29 | 013,957,598 | ---- | C] () -- C:\Users\Luzius\g3073.png [2011.06.15 22:04:49 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.06.15 22:04:49 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT [2011.06.15 22:00:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011.06.15 22:00:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011.03.17 10:05:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.21 09:34:33 | 000,007,610 | ---- | C] () -- C:\Users\Luzius\AppData\Local\Resmon.ResmonCfg [2010.11.10 14:28:21 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010.11.10 14:28:21 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010.09.18 23:12:33 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010.07.28 20:08:46 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.07.28 20:08:44 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.07.16 06:59:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.03.23 05:33:05 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.03.23 04:49:11 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.03.23 04:49:11 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.02.09 08:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009.10.26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009.07.29 07:01:09 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.02 02:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll ========== LOP Check ========== [2011.08.28 22:56:50 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\Asus WebStorage [2010.09.16 06:32:27 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\DigitalPersona [2011.12.22 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\DiskAid [2011.12.23 00:37:50 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\Dropbox [2010.11.08 22:03:24 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\EeeStorageUploader [2010.10.17 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\EndNote [2011.01.27 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\inkscape [2011.10.07 12:55:26 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\IrfanView [2011.04.11 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\Jpeg Resampler [2011.12.05 16:41:55 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\Mp3tag [2010.11.08 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\temp [2010.09.19 13:15:05 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\Thunderbird [2010.11.13 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Luzius\AppData\Roaming\XMedia Recode [2009.07.14 06:08:49 | 000,028,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > |
|
23.12.2011, 11:55
| #2 |
  | achtung windowssyset wurde blockiert - bezahlen und runterladen Hi,
__________________Fix für OTL (Ucash) Script auf CD oder USB-Stick kopieren, OTL starten und wie folgt vorgehen... (abgesicherter Modus mit Eingabeaufforderung OTL starten dann notepad aufrufen, Script laden und Inhalt der Codebox wie u. beschrieben in OTL kopieren)
 Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [{4A93F001-909B-11DF-BA35-806E6F6E6963}] C:\Users\Luzius\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... chris
__________________ |
|
23.12.2011, 12:17
| #3 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen Vielen Dank für die rasche Antwort, Chris!
__________________-habe den fix mit otl.exe im abgesicherten modus laufen lassen. -Hier das LogFile: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{4A93F001-909B-11DF-BA35-806E6F6E6963} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A93F001-909B-11DF-BA35-806E6F6E6963}\ not found.
C:\Users\Luzius\AppData\Roaming\Microsoft\dllhsts.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
OTL by OldTimer - Version 3.2.31.0 log created on 12232011_120234
-als nächstes lasse ich Malwarebytes Antimalware und TDSS-Killer laufen und poste die REsultate sobald die Scans abgeschlossen sind. |
|
23.12.2011, 12:29
| #4 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen Hallo Chris, Hier nun also das Log des Malwarebytes Antimalware Suchlaufs Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122306
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23.12.2011 12:26:30
mbam-log-2011-12-23 (12-26-30).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 203682
Laufzeit: 2 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Luzius\AppData\Local\Temp\0.28089948176977353.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
|
|
23.12.2011, 12:37
| #5 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen Hier nun das TDSS-Killer-Log Code:
ATTFilter 12:31:27.0200 0736 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
12:31:27.0512 0736 ============================================================
12:31:27.0512 0736 Current date / time: 2011/12/23 12:31:27.0512
12:31:27.0512 0736 SystemInfo:
12:31:27.0512 0736
12:31:27.0512 0736 OS Version: 6.1.7600 ServicePack: 0.0
12:31:27.0512 0736 Product type: Workstation
12:31:27.0528 0736 ComputerName: LUZIUS-PC
12:31:27.0528 0736 UserName: Luzius
12:31:27.0528 0736 Windows directory: C:\Windows
12:31:27.0528 0736 System windows directory: C:\Windows
12:31:27.0528 0736 Running under WOW64
12:31:27.0528 0736 Processor architecture: Intel x64
12:31:27.0528 0736 Number of processors: 4
12:31:27.0528 0736 Page size: 0x1000
12:31:27.0528 0736 Boot type: Normal boot
12:31:27.0528 0736 ============================================================
12:31:28.0152 0736 Initialize success
12:31:39.0353 3696 ============================================================
12:31:39.0353 3696 Scan started
12:31:39.0353 3696 Mode: Manual;
12:31:39.0353 3696 ============================================================
12:31:39.0977 3696 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:31:39.0992 3696 1394ohci - ok
12:31:40.0039 3696 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:31:40.0055 3696 ACPI - ok
12:31:40.0101 3696 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:31:40.0101 3696 AcpiPmi - ok
12:31:40.0179 3696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:31:40.0195 3696 adp94xx - ok
12:31:40.0257 3696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:31:40.0273 3696 adpahci - ok
12:31:40.0320 3696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:31:40.0335 3696 adpu320 - ok
12:31:40.0445 3696 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:31:40.0460 3696 AFD - ok
12:31:40.0523 3696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:31:40.0538 3696 agp440 - ok
12:31:40.0569 3696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:31:40.0569 3696 aliide - ok
12:31:40.0585 3696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:31:40.0601 3696 amdide - ok
12:31:40.0647 3696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:31:40.0663 3696 AmdK8 - ok
12:31:40.0694 3696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:31:40.0694 3696 AmdPPM - ok
12:31:40.0725 3696 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
12:31:40.0725 3696 amdsata - ok
12:31:40.0788 3696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:31:40.0788 3696 amdsbs - ok
12:31:40.0881 3696 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
12:31:40.0881 3696 amdxata - ok
12:31:40.0991 3696 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
12:31:41.0006 3696 AmUStor - ok
12:31:41.0178 3696 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:31:41.0178 3696 AppID - ok
12:31:41.0318 3696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:31:41.0334 3696 arc - ok
12:31:41.0365 3696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:31:41.0381 3696 arcsas - ok
12:31:41.0443 3696 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:31:41.0443 3696 ASMMAP64 - ok
12:31:41.0568 3696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:31:41.0568 3696 AsyncMac - ok
12:31:41.0646 3696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:31:41.0661 3696 atapi - ok
12:31:41.0771 3696 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
12:31:41.0927 3696 athr - ok
12:31:42.0051 3696 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
12:31:42.0067 3696 avgntflt - ok
12:31:42.0129 3696 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
12:31:42.0129 3696 avipbb - ok
12:31:42.0270 3696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:31:42.0285 3696 b06bdrv - ok
12:31:42.0348 3696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:31:42.0363 3696 b57nd60a - ok
12:31:42.0457 3696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:31:42.0457 3696 Beep - ok
12:31:42.0582 3696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:31:42.0582 3696 blbdrive - ok
12:31:42.0660 3696 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:31:42.0660 3696 bowser - ok
12:31:42.0769 3696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:31:42.0769 3696 BrFiltLo - ok
12:31:42.0816 3696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:31:42.0816 3696 BrFiltUp - ok
12:31:42.0878 3696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:31:42.0894 3696 Brserid - ok
12:31:42.0941 3696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:31:42.0941 3696 BrSerWdm - ok
12:31:42.0987 3696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:31:43.0003 3696 BrUsbMdm - ok
12:31:43.0065 3696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:31:43.0065 3696 BrUsbSer - ok
12:31:43.0143 3696 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
12:31:43.0143 3696 BthEnum - ok
12:31:43.0237 3696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:31:43.0237 3696 BTHMODEM - ok
12:31:43.0299 3696 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:31:43.0299 3696 BthPan - ok
12:31:43.0346 3696 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
12:31:43.0362 3696 BTHPORT - ok
12:31:43.0471 3696 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
12:31:43.0471 3696 BTHUSB - ok
12:31:43.0533 3696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:31:43.0533 3696 cdfs - ok
12:31:43.0658 3696 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:31:43.0658 3696 cdrom - ok
12:31:43.0736 3696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:31:43.0736 3696 circlass - ok
12:31:43.0767 3696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:31:43.0783 3696 CLFS - ok
12:31:43.0861 3696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:31:43.0861 3696 CmBatt - ok
12:31:43.0892 3696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:31:43.0892 3696 cmdide - ok
12:31:43.0923 3696 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:31:43.0939 3696 CNG - ok
12:31:43.0970 3696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:31:43.0986 3696 Compbatt - ok
12:31:44.0079 3696 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:31:44.0079 3696 CompositeBus - ok
12:31:44.0220 3696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:31:44.0220 3696 crcdisk - ok
12:31:44.0298 3696 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
12:31:44.0313 3696 CSC - ok
12:31:44.0376 3696 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
12:31:44.0376 3696 CVirtA - ok
12:31:44.0454 3696 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
12:31:44.0469 3696 CVPNDRVA - ok
12:31:44.0563 3696 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:31:44.0563 3696 DfsC - ok
12:31:44.0625 3696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:31:44.0625 3696 discache - ok
12:31:44.0688 3696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:31:44.0688 3696 Disk - ok
12:31:44.0781 3696 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
12:31:44.0781 3696 DNE - ok
12:31:44.0891 3696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:31:44.0906 3696 drmkaud - ok
12:31:44.0953 3696 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
12:31:44.0969 3696 DXGKrnl - ok
12:31:45.0078 3696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:31:45.0218 3696 ebdrv - ok
12:31:45.0343 3696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:31:45.0359 3696 elxstor - ok
12:31:45.0374 3696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:31:45.0390 3696 ErrDev - ok
12:31:45.0499 3696 ETD (4e2f44f2b6335cd4faf9057dd0a9a61b) C:\Windows\system32\DRIVERS\ETD.sys
12:31:45.0515 3696 ETD - ok
12:31:45.0546 3696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:31:45.0561 3696 exfat - ok
12:31:45.0593 3696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:31:45.0593 3696 fastfat - ok
12:31:45.0639 3696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:31:45.0639 3696 fdc - ok
12:31:45.0655 3696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:31:45.0671 3696 FileInfo - ok
12:31:45.0686 3696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:31:45.0686 3696 Filetrace - ok
12:31:45.0717 3696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:31:45.0717 3696 flpydisk - ok
12:31:45.0749 3696 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:31:45.0764 3696 FltMgr - ok
12:31:45.0795 3696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:31:45.0811 3696 FsDepends - ok
12:31:45.0920 3696 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
12:31:45.0920 3696 fssfltr - ok
12:31:46.0014 3696 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:31:46.0014 3696 Fs_Rec - ok
12:31:46.0107 3696 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:31:46.0123 3696 fvevol - ok
12:31:46.0154 3696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:31:46.0154 3696 gagp30kx - ok
12:31:46.0201 3696 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:31:46.0217 3696 GEARAspiWDM - ok
12:31:46.0248 3696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:31:46.0263 3696 hcw85cir - ok
12:31:46.0295 3696 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:31:46.0310 3696 HdAudAddService - ok
12:31:46.0419 3696 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:31:46.0419 3696 HDAudBus - ok
12:31:46.0466 3696 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:31:46.0466 3696 HECIx64 - ok
12:31:46.0529 3696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:31:46.0529 3696 HidBatt - ok
12:31:46.0575 3696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:31:46.0575 3696 HidBth - ok
12:31:46.0607 3696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:31:46.0607 3696 HidIr - ok
12:31:46.0653 3696 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:31:46.0653 3696 HidUsb - ok
12:31:46.0700 3696 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:31:46.0716 3696 HpSAMD - ok
12:31:46.0809 3696 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:31:46.0825 3696 HTTP - ok
12:31:46.0887 3696 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:31:46.0903 3696 hwpolicy - ok
12:31:47.0028 3696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:31:47.0043 3696 i8042prt - ok
12:31:47.0355 3696 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
12:31:47.0371 3696 iaStor - ok
12:31:47.0480 3696 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
12:31:47.0496 3696 iaStorV - ok
12:31:47.0808 3696 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:31:48.0120 3696 igfx - ok
12:31:48.0245 3696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:31:48.0245 3696 iirsp - ok
12:31:48.0307 3696 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
12:31:48.0307 3696 Impcd - ok
12:31:48.0432 3696 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
12:31:48.0463 3696 IntcAzAudAddService - ok
12:31:48.0588 3696 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:31:48.0588 3696 IntcDAud - ok
12:31:48.0635 3696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:31:48.0635 3696 intelide - ok
12:31:48.0681 3696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:31:48.0681 3696 intelppm - ok
12:31:48.0697 3696 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:48.0713 3696 IpFilterDriver - ok
12:31:48.0728 3696 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:31:48.0728 3696 IPMIDRV - ok
12:31:48.0775 3696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:31:48.0775 3696 IPNAT - ok
12:31:48.0915 3696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:31:48.0915 3696 IRENUM - ok
12:31:48.0962 3696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:31:48.0962 3696 isapnp - ok
12:31:49.0009 3696 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:31:49.0025 3696 iScsiPrt - ok
12:31:49.0056 3696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:31:49.0056 3696 kbdclass - ok
12:31:49.0165 3696 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:31:49.0165 3696 kbdhid - ok
12:31:49.0212 3696 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
12:31:49.0212 3696 kbfiltr - ok
12:31:49.0243 3696 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:31:49.0243 3696 KSecDD - ok
12:31:49.0274 3696 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:31:49.0274 3696 KSecPkg - ok
12:31:49.0305 3696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:31:49.0321 3696 ksthunk - ok
12:31:49.0383 3696 L1C (48686c29856f46443952a831424f8d6f) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:31:49.0399 3696 L1C - ok
12:31:49.0446 3696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:31:49.0446 3696 lltdio - ok
12:31:49.0539 3696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:31:49.0555 3696 LSI_FC - ok
12:31:49.0602 3696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:31:49.0617 3696 LSI_SAS - ok
12:31:49.0664 3696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:31:49.0664 3696 LSI_SAS2 - ok
12:31:49.0711 3696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:31:49.0727 3696 LSI_SCSI - ok
12:31:49.0820 3696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:31:49.0836 3696 luafv - ok
12:31:49.0929 3696 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
12:31:49.0945 3696 MBAMProtector - ok
12:31:49.0976 3696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:31:49.0976 3696 megasas - ok
12:31:50.0007 3696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:31:50.0023 3696 MegaSR - ok
12:31:50.0023 3696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:31:50.0039 3696 Modem - ok
12:31:50.0070 3696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:31:50.0070 3696 monitor - ok
12:31:50.0195 3696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:31:50.0195 3696 mouclass - ok
12:31:50.0257 3696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:31:50.0273 3696 mouhid - ok
12:31:50.0288 3696 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:31:50.0288 3696 mountmgr - ok
12:31:50.0319 3696 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:31:50.0319 3696 mpio - ok
12:31:50.0351 3696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:31:50.0351 3696 mpsdrv - ok
12:31:50.0382 3696 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:31:50.0382 3696 MRxDAV - ok
12:31:50.0429 3696 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:31:50.0429 3696 mrxsmb - ok
12:31:50.0460 3696 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:31:50.0475 3696 mrxsmb10 - ok
12:31:50.0491 3696 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:31:50.0507 3696 mrxsmb20 - ok
12:31:50.0538 3696 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:31:50.0553 3696 msahci - ok
12:31:50.0569 3696 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:31:50.0585 3696 msdsm - ok
12:31:50.0616 3696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:31:50.0616 3696 Msfs - ok
12:31:50.0631 3696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:31:50.0647 3696 mshidkmdf - ok
12:31:50.0647 3696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:31:50.0663 3696 msisadrv - ok
12:31:50.0709 3696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:31:50.0709 3696 MSKSSRV - ok
12:31:50.0756 3696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:31:50.0756 3696 MSPCLOCK - ok
12:31:50.0772 3696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:31:50.0772 3696 MSPQM - ok
12:31:50.0803 3696 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:31:50.0819 3696 MsRPC - ok
12:31:50.0834 3696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:31:50.0834 3696 mssmbios - ok
12:31:50.0959 3696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:31:50.0959 3696 MSTEE - ok
12:31:50.0990 3696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:31:50.0990 3696 MTConfig - ok
12:31:51.0021 3696 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
12:31:51.0021 3696 MTsensor - ok
12:31:51.0068 3696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:31:51.0068 3696 Mup - ok
12:31:51.0177 3696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:31:51.0193 3696 NativeWifiP - ok
12:31:51.0271 3696 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:31:51.0287 3696 NDIS - ok
12:31:51.0318 3696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:31:51.0333 3696 NdisCap - ok
12:31:51.0411 3696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:31:51.0427 3696 NdisTapi - ok
12:31:51.0489 3696 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:31:51.0505 3696 Ndisuio - ok
12:31:51.0567 3696 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:31:51.0583 3696 NdisWan - ok
12:31:51.0645 3696 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:31:51.0661 3696 NDProxy - ok
12:31:51.0770 3696 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
12:31:51.0770 3696 Netaapl - ok
12:31:51.0848 3696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:31:51.0848 3696 NetBIOS - ok
12:31:51.0911 3696 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:31:51.0926 3696 NetBT - ok
12:31:52.0051 3696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:31:52.0051 3696 nfrd960 - ok
12:31:52.0113 3696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:31:52.0113 3696 Npfs - ok
12:31:52.0160 3696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:31:52.0176 3696 nsiproxy - ok
12:31:52.0238 3696 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
12:31:52.0301 3696 Ntfs - ok
12:31:52.0394 3696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:31:52.0394 3696 Null - ok
12:31:52.0675 3696 nvlddmkm (ce62dfd25e51c471517642405addc8bb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:31:52.0753 3696 nvlddmkm - ok
12:31:52.0862 3696 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
12:31:52.0862 3696 nvraid - ok
12:31:52.0909 3696 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
12:31:52.0909 3696 nvstor - ok
12:31:53.0003 3696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:31:53.0003 3696 nv_agp - ok
12:31:53.0049 3696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:31:53.0049 3696 ohci1394 - ok
12:31:53.0096 3696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:31:53.0096 3696 Parport - ok
12:31:53.0127 3696 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:31:53.0143 3696 partmgr - ok
12:31:53.0174 3696 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:31:53.0190 3696 pci - ok
12:31:53.0221 3696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:31:53.0221 3696 pciide - ok
12:31:53.0252 3696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:31:53.0268 3696 pcmcia - ok
12:31:53.0283 3696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:31:53.0299 3696 pcw - ok
12:31:53.0330 3696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:31:53.0346 3696 PEAUTH - ok
12:31:53.0502 3696 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:31:53.0502 3696 PptpMiniport - ok
12:31:53.0533 3696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:31:53.0549 3696 Processor - ok
12:31:53.0580 3696 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:31:53.0580 3696 Psched - ok
12:31:53.0642 3696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:31:53.0705 3696 ql2300 - ok
12:31:53.0798 3696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:31:53.0814 3696 ql40xx - ok
12:31:53.0876 3696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:31:53.0892 3696 QWAVEdrv - ok
12:31:53.0907 3696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:31:53.0923 3696 RasAcd - ok
12:31:53.0954 3696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:31:53.0970 3696 RasAgileVpn - ok
12:31:54.0001 3696 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:31:54.0017 3696 Rasl2tp - ok
12:31:54.0032 3696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:31:54.0048 3696 RasPppoe - ok
12:31:54.0079 3696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:31:54.0079 3696 RasSstp - ok
12:31:54.0110 3696 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:31:54.0126 3696 rdbss - ok
12:31:54.0141 3696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:31:54.0157 3696 rdpbus - ok
12:31:54.0173 3696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:31:54.0173 3696 RDPCDD - ok
12:31:54.0204 3696 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
12:31:54.0219 3696 RDPDR - ok
12:31:54.0266 3696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:31:54.0266 3696 RDPENCDD - ok
12:31:54.0282 3696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:31:54.0297 3696 RDPREFMP - ok
12:31:54.0329 3696 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:31:54.0329 3696 RDPWD - ok
12:31:54.0375 3696 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:31:54.0375 3696 rdyboost - ok
12:31:54.0500 3696 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:31:54.0516 3696 RFCOMM - ok
12:31:54.0563 3696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:31:54.0563 3696 rspndr - ok
12:31:54.0609 3696 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
12:31:54.0609 3696 s3cap - ok
12:31:54.0625 3696 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:31:54.0625 3696 sbp2port - ok
12:31:54.0656 3696 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:31:54.0672 3696 scfilter - ok
12:31:54.0750 3696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:31:54.0750 3696 secdrv - ok
12:31:54.0828 3696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:31:54.0828 3696 Serenum - ok
12:31:54.0937 3696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:31:54.0937 3696 Serial - ok
12:31:54.0999 3696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:31:55.0015 3696 sermouse - ok
12:31:55.0046 3696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:31:55.0046 3696 sffdisk - ok
12:31:55.0077 3696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:31:55.0093 3696 sffp_mmc - ok
12:31:55.0109 3696 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:31:55.0124 3696 sffp_sd - ok
12:31:55.0155 3696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:31:55.0155 3696 sfloppy - ok
12:31:55.0280 3696 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
12:31:55.0296 3696 SiSGbeLH - ok
12:31:55.0327 3696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:31:55.0327 3696 SiSRaid2 - ok
12:31:55.0389 3696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:31:55.0389 3696 SiSRaid4 - ok
12:31:55.0452 3696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:31:55.0452 3696 Smb - ok
12:31:55.0608 3696 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:31:55.0623 3696 SNP2UVC - ok
12:31:55.0733 3696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:31:55.0733 3696 spldr - ok
12:31:55.0842 3696 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:31:55.0842 3696 srv - ok
12:31:55.0920 3696 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:31:55.0935 3696 srv2 - ok
12:31:56.0029 3696 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:31:56.0045 3696 srvnet - ok
12:31:56.0154 3696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:31:56.0169 3696 stexstor - ok
12:31:56.0247 3696 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:31:56.0247 3696 storflt - ok
12:31:56.0325 3696 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
12:31:56.0325 3696 storvsc - ok
12:31:56.0372 3696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:31:56.0372 3696 swenum - ok
12:31:56.0497 3696 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:31:56.0637 3696 Tcpip - ok
12:31:56.0778 3696 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:31:56.0778 3696 TCPIP6 - ok
12:31:56.0840 3696 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:31:56.0856 3696 tcpipreg - ok
12:31:56.0887 3696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:31:56.0887 3696 TDPIPE - ok
12:31:56.0903 3696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:31:56.0903 3696 TDTCP - ok
12:31:56.0934 3696 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:31:56.0934 3696 tdx - ok
12:31:56.0949 3696 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:31:56.0965 3696 TermDD - ok
12:31:57.0074 3696 tosporte (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys
12:31:57.0090 3696 tosporte - ok
12:31:57.0152 3696 tosrfbd (71bb669bfcade1580fdce010abc76310) C:\Windows\system32\DRIVERS\tosrfbd.sys
12:31:57.0152 3696 tosrfbd - ok
12:31:57.0261 3696 tosrfbnp (62512b5277d88600f8bd4b7aec43569d) C:\Windows\system32\Drivers\tosrfbnp.sys
12:31:57.0261 3696 tosrfbnp - ok
12:31:57.0324 3696 Tosrfcom (c523a9186c39d65cc9adebb2e1b93ccd) C:\Windows\system32\Drivers\tosrfcom.sys
12:31:57.0324 3696 Tosrfcom - ok
12:31:57.0386 3696 Tosrfhid (451b8c1815c6cc39650af916c2a382cd) C:\Windows\system32\DRIVERS\Tosrfhid.sys
12:31:57.0386 3696 Tosrfhid - ok
12:31:57.0449 3696 tosrfnds (b6fdc3c76ffe9c5171eea9c37ea367c2) C:\Windows\system32\DRIVERS\tosrfnds.sys
12:31:57.0464 3696 tosrfnds - ok
12:31:57.0527 3696 Tosrfusb (463785c39f247580e16daef760e7ea86) C:\Windows\system32\DRIVERS\tosrfusb.sys
12:31:57.0527 3696 Tosrfusb - ok
12:31:57.0573 3696 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:31:57.0573 3696 tssecsrv - ok
12:31:57.0636 3696 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:31:57.0636 3696 tunnel - ok
12:31:57.0698 3696 TurboB (c45a3e051c65106a28982caed125f855) C:\Windows\system32\DRIVERS\TurboB.sys
12:31:57.0698 3696 TurboB - ok
12:31:57.0745 3696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:31:57.0745 3696 uagp35 - ok
12:31:57.0807 3696 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:31:57.0823 3696 udfs - ok
12:31:57.0901 3696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:31:57.0901 3696 uliagpkx - ok
12:31:57.0948 3696 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:31:57.0963 3696 umbus - ok
12:31:58.0010 3696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:31:58.0010 3696 UmPass - ok
12:31:58.0088 3696 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:31:58.0088 3696 USBAAPL64 - ok
12:31:58.0135 3696 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
12:31:58.0135 3696 usbccgp - ok
12:31:58.0182 3696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:31:58.0197 3696 usbcir - ok
12:31:58.0244 3696 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
12:31:58.0244 3696 usbehci - ok
12:31:58.0322 3696 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
12:31:58.0322 3696 usbhub - ok
12:31:58.0369 3696 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
12:31:58.0369 3696 usbohci - ok
12:31:58.0431 3696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:31:58.0431 3696 usbprint - ok
12:31:58.0494 3696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:31:58.0509 3696 usbscan - ok
12:31:58.0556 3696 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:31:58.0556 3696 USBSTOR - ok
12:31:58.0603 3696 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:31:58.0603 3696 usbuhci - ok
12:31:58.0665 3696 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
12:31:58.0665 3696 usbvideo - ok
12:31:58.0728 3696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:31:58.0743 3696 vdrvroot - ok
12:31:58.0775 3696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:31:58.0775 3696 vga - ok
12:31:58.0821 3696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:31:58.0821 3696 VgaSave - ok
12:31:58.0868 3696 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:31:58.0884 3696 vhdmp - ok
12:31:58.0915 3696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:31:58.0915 3696 viaide - ok
12:31:58.0962 3696 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
12:31:58.0977 3696 vmbus - ok
12:31:59.0009 3696 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:31:59.0009 3696 VMBusHID - ok
12:31:59.0071 3696 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:31:59.0071 3696 volmgr - ok
12:31:59.0118 3696 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:31:59.0133 3696 volmgrx - ok
12:31:59.0180 3696 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:31:59.0180 3696 volsnap - ok
12:31:59.0274 3696 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
12:31:59.0274 3696 vpnva - ok
12:31:59.0321 3696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:31:59.0321 3696 vsmraid - ok
12:31:59.0367 3696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:31:59.0383 3696 vwifibus - ok
12:31:59.0414 3696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:31:59.0414 3696 vwififlt - ok
12:31:59.0461 3696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:31:59.0461 3696 WacomPen - ok
12:31:59.0523 3696 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:31:59.0539 3696 WANARP - ok
12:31:59.0539 3696 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:31:59.0539 3696 Wanarpv6 - ok
12:31:59.0648 3696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:31:59.0664 3696 Wd - ok
12:31:59.0695 3696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:31:59.0711 3696 Wdf01000 - ok
12:31:59.0789 3696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:31:59.0789 3696 WfpLwf - ok
12:31:59.0835 3696 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
12:31:59.0835 3696 WimFltr - ok
12:31:59.0898 3696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:31:59.0898 3696 WIMMount - ok
12:31:59.0960 3696 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
12:31:59.0960 3696 WinUSB - ok
12:31:59.0991 3696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:31:59.0991 3696 WmiAcpi - ok
12:32:00.0023 3696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:32:00.0023 3696 ws2ifsl - ok
12:32:00.0054 3696 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:32:00.0069 3696 WudfPf - ok
12:32:00.0101 3696 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:32:00.0116 3696 WUDFRd - ok
12:32:00.0179 3696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:32:00.0194 3696 \Device\Harddisk0\DR0 - ok
12:32:00.0210 3696 Boot (0x1200) (9ef08410a6fcb2e41a21e3a24fd643f4) \Device\Harddisk0\DR0\Partition0
12:32:00.0210 3696 \Device\Harddisk0\DR0\Partition0 - ok
12:32:00.0241 3696 Boot (0x1200) (3da03c8e5a2a6bc0944f4941c1b07ac2) \Device\Harddisk0\DR0\Partition1
12:32:00.0241 3696 \Device\Harddisk0\DR0\Partition1 - ok
12:32:00.0241 3696 ============================================================
12:32:00.0241 3696 Scan finished
12:32:00.0241 3696 ============================================================
12:32:00.0257 3248 Detected object count: 0
12:32:00.0257 3248 Actual detected object count: 0
|
|
23.12.2011, 13:09
| #6 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen Hi, MAM updaten und Fullscan laufen lassen, alles bereinigen und Log posten... (Das war noch nicht alles...) chris
__________________ --> achtung windowssyset wurde blockiert - bezahlen und runterladen |
|
23.12.2011, 14:22
| #7 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen uups, da habe ich vorher nur den quickscan durchlaufen lassen. hier also das log des fullscan: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122306
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23.12.2011 14:10:37
mbam-log-2011-12-23 (14-10-37).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 334311
Laufzeit: 26 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
23.12.2011, 16:00
| #8 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen Hi, oh-ha eine neue Version die MAM noch nicht kennt... (C:\Users\Luzius\AppData\Roaming\Microsoft\dllhsts.exe) Bitte folgendes Verzeichnis packen (um Gotteswillen NICHT ausführen!): Datei hochladen: http://www.trojaner-board.de/54791-a...ner-board.html Folge den Anweisungen dort und lade die Datei: Code:
ATTFilter Ordner movedfiles in C:\_OTL in eine Datei zippen!
Danach das Verzeichnis C:\_OTL löschen! Was macht der Rechner? chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
23.12.2011, 17:11
| #9 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen hallo chris, bei mir gab es kein verzeichnis "c:\_otl". ich hab den fix via otl.exe vom stick aus laufenlassen ("E:\OTL.exe"). das verzeichnis movedfiles mit der infizierten datei wurde unter "e:\_otl" abgelegt. dieses habe ich gezipt und hochgeladen. "e:\_otl" auf dem stick habe ich gelöscht. dem rechner gehts eigentlich ganz gut. keine symptome mehr. ein avira-scan im abgesicherten modus und ein eset-online-scan haben nichts gefunden. so weit so gut! was kommt als nächstes? sind sonstige sicherheitsmassnahmen angebracht (z.B. passwörter ändern)? |
|
25.12.2011, 10:48
| #10 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen Hi, Danke fürs hochladen... Passwörter ändern, und ein abgesichertes Konto mit Firefox mit WOT und NoScript zum Surfen verwenden... Dann wären wir erstmal durch.. chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
29.12.2011, 17:03
| #11 |
| | achtung windowssyset wurde blockiert - bezahlen und runterladen hallo chris, das war die festtagspause... der rechner läuft ohne weitere probleme. danke für die kompetente hilfe! polyp  :dhxxp://www.trojaner-board.de/images/smilies/dankeschoen.gifankeschoen: |
|
| Themen zu achtung windowssyset wurde blockiert - bezahlen und runterladen |
| alternate, antivir, application/pdf, application/pdf:, asus, autorun, avira, bezahlen und runterladen, bho, blockiert, bonjour, defender, desktop, error, explorer, firefox, format, gfnexsrv.exe, helper, hilfe!!, hotkey, log, logfile, microsoft, mozilla thunderbird, mp3, nvidia, plug-in, registry, sched.exe, software, tracker, version=1.0, webcheck, windows, winlogon |
Linear-Darstellung
