Log analysis and evaluation: BOO/whistler.A in the master boot sector (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.01.2012, 00:55 | #1

BOO/whistler.A in the master boot sector

Hello, a few days ago I reinstalled my PC and, stupid as I am, apparently did not secure it properly right away. Now Avira shows me the following message at every start: "Im Masterbootsektor von Laufwerk 'Masterbootsektor HD2' wurde ein Virus oder unerwünschtes Programm 'BOO/Whistler.A' [virus] gefunden." Fortunately I have not noticed any malfunctions yet. I ran a full scan with Malwarebytes:

Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.03.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andi :: TABULARASA [Administrator]

Schutz: Aktiviert

03.01.2012 18:55:54
mbam-log-2012-01-03 (18-55-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1067397
Laufzeit: 5 Stunde(n), 20 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
K:\Programme\screensaver\Weather Report Screensaver\Mail.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4aa13dd9617104a869f31ec2f23b4b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 07:58:39
# local_time=2012-01-04 08:58:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6490135 6490135 0 0
# compatibility_mode=5893 16776573 100 94 4018 77263484 0 0
# compatibility_mode=8192 67108863 100 0 3799 3799 0 0
# scanned=823140
# found=3
# cleaned=0
# scan_time=73485
K:\Programme\NoNameScript3.81-Ischtan\script\dlls\stdio.dll	probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)	00000000000000000000000000000000	I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766	a variant of Java/Agent.DW trojan (unable to clean)	00000000000000000000000000000000	I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f	multiple threats (unable to clean)	00000000000000000000000000000000	I
05.01.2012, 01:23 | #2

/// Selecta Jahrusso | BOO/whistler.A in the master boot sector

Please read the following completely. For all those seeking help: What do I need to observe before opening a thread
05.01.2012, 17:01 | #3

BOO/whistler.A in the master boot sector

Quote:

First of all, many thanks for the quick attention to my thread. Should I not have posted the Malwarebytes and ESET logs right away? Or did I do something else wrong? Regards, Andreas
05.01.2012, 19:57 | #4

/// Selecta Jahrusso | BOO/whistler.A in the master boot sector

Do what I write to you here, or we will take forever.

__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
06.01.2012, 01:55 | #5

BOO/whistler.A in the master boot sector

Hello, I am sorry, I missed that it continues below the 7 rules and that this is also mentioned in there. Sorry, I was probably a bit too tired from work when I wrote that.

Otl.txt

OTL Logfile:
Code:
OTL logfile created on: 05.01.2012 23:53:28 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,73% Memory free
8,00 Gb Paging File | 6,24 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 56,68 Gb Free Space | 47,54% Space Free | Partition Type: NTFS
Drive D: | 179,61 Gb Total Space | 64,17 Gb Free Space | 35,73% Space Free | Partition Type: NTFS
Drive H: | 254,38 Gb Total Space | 83,18 Gb Free Space | 32,70% Space Free | Partition Type: NTFS
Drive I: | 410,73 Gb Total Space | 186,80 Gb Free Space | 45,48% Space Free | Partition Type: NTFS
Drive K: | 20,26 Gb Total Space | 11,08 Gb Free Space | 54,69% Space Free | Partition Type: NTFS
Drive L: | 5,47 Gb Total Space | 4,15 Gb Free Space | 75,87% Space Free | Partition Type: NTFS
Drive P: | 48,83 Gb Total Space | 26,67 Gb Free Space | 54,62% Space Free | Partition Type: NTFS
Drive Q: | 7,67 Gb Total Space | 0,45 Gb Free Space | 5,92% Space Free | Partition Type: FAT32
Drive W: | 88,02 Gb Total Space | 24,96 Gb Free Space | 28,36% Space Free | Partition Type: NTFS

Computer Name: TABULARASA | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.05 23:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- P:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.18 18:42:45 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.12.18 18:42:19 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Programme\Steam\Steam.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2007.04.09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.18 18:42:45 | 014,410,024 | ---- | M] () -- D:\Programme\Steam\bin\libcef.dll
MOD - [2011.12.18 18:42:45 | 000,914,216 | ---- | M] () -- D:\Programme\Steam\bin\avcodec-52.dll
MOD - [2011.12.18 18:42:45 | 000,194,344 | ---- | M] () -- D:\Programme\Steam\bin\chromehtml.dll
MOD - [2011.12.18 18:42:45 | 000,155,432 | ---- | M] () -- D:\Programme\Steam\bin\avformat-52.dll
MOD - [2011.12.18 18:42:45 | 000,091,432 | ---- | M] () -- D:\Programme\Steam\bin\avutil-50.dll
MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- P:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- P:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.18 18:42:45 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- P:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.18 16:45:42 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.18 14:39:26 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.10 15:33:48 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.17 18:53:24 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.12 07:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007.04.10 05:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007.04.10 03:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007.04.10 03:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007.04.10 03:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007.04.10 03:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007.04.10 03:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007.04.10 03:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007.04.10 03:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007.04.10 03:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007.04.10 03:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.04.10 03:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.04.10 03:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.04.10 03:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.04.10 03:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.04.10 03:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.04.10 03:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.04.10 03:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.04.10 03:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.04.10 03:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- P:\Program Files (x86)\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- P:\Program Files (x86)\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 6F BC A2 05 C8 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.1.3.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb2/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: P:\Program Files (x86)\VLC Media Player\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.11 16:41:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.10 17:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.10.20 21:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2012.01.03 18:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\v4yoyhxf.default\extensions
[2011.12.03 11:40:46 | 000,000,853 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\11-suche.xml
[2011.12.03 11:40:46 | 000,002,226 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\englische-ergebnisse.xml
[2011.12.03 11:40:46 | 000,010,506 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\gmx-suche.xml
[2011.12.03 11:40:46 | 000,002,457 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\lastminute.xml
[2011.12.03 11:40:46 | 000,005,500 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\webde-suche.xml
[2011.12.11 16:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V4YOYHXF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V4YOYHXF.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V4YOYHXF.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] P:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] P:\Program Files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04BB8299-0BCA-4E3C-8964-0A7D0E15A26F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.23 22:31:52 | 000,000,016 | -H-- | M] () - Q:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2009.06.06 01:19:00 | 000,000,000 | ---- | M] () - W:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.05 23:50:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2012.01.05 17:35:14 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Orcs Must Die
[2012.01.04 18:39:25 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.01.04 18:39:06 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Dropbox
[2012.01.04 00:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.04 00:30:08 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
[2012.01.03 18:53:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Malwarebytes
[2012.01.03 18:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.03 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.03 18:53:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.03 18:41:50 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited
[2012.01.03 18:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.01.03 18:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.01.03 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\1&1 Mail & Media GmbH
[2012.01.02 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Diagnostics
[2012.01.02 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.02 17:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.02 17:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.02 17:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.02 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.02 17:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.02 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.02 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.29 01:30:06 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\vlc
[2011.12.28 14:37:45 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\ProgSense
[2011.12.28 14:37:31 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Orbit
[2011.12.27 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\My
Games [2011.12.27 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\My Games [2011.12.27 20:08:43 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Funcom [2011.12.25 21:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2011.12.25 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2011.12.25 21:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2011.12.23 21:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titan Quest Immortal Throne [2011.12.23 21:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titan Quest [2011.12.23 19:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\createonepart [2011.12.23 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\redistpart [2011.12.23 18:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher [2011.12.23 18:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher [2011.12.23 18:53:09 | 000,037,456 | ---- | C] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys [2011.12.23 18:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 11 Free [2011.12.23 18:53:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.12.23 18:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software [2011.12.23 12:25:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.12.20 00:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.12.20 00:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2011.12.18 18:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.12.18 18:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.12.18 17:17:00 | 000,000,000 | ---D | C] 
-- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArenaWars [2011.12.18 17:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArenaWars [2011.12.18 16:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 [2011.12.18 16:23:49 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 [2011.12.18 13:48:13 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2011.12.18 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III [2011.12.18 13:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2011.12.18 13:26:43 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.12.18 13:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2011.12.18 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft [2011.12.18 13:18:30 | 000,069,632 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2011.12.18 13:14:32 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Venetica [2011.12.18 13:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.12.18 13:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2011.12.18 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2011.12.18 13:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011.12.18 13:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica [2011.12.18 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Bioshock [2011.12.18 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Bioshock [2011.12.18 12:31:12 | 
000,000,000 | RH-D | C] -- C:\Users\Andi\AppData\Roaming\SecuROM [2011.12.18 12:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2011.12.18 12:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2011.12.18 12:26:44 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2011.12.16 17:17:28 | 000,000,000 | ---D | C] -- C:\Users\Andi\restore [2011.12.16 17:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2011.12.16 17:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2011.12.16 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice [2011.12.16 16:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2011.12.16 16:25:12 | 000,119,296 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\opnetext.dll [2011.12.16 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Okidata [2011.12.16 16:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.12.16 16:24:58 | 000,029,184 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OKLMON64.DLL [2011.12.16 16:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\OPPU [2011.12.16 16:24:55 | 000,054,784 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPUSBEXT.DLL [2011.12.16 16:24:55 | 000,039,936 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPEXTUAC.DLL [2011.12.13 21:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.12.13 21:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.12.13 21:51:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.12.13 21:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.12.13 21:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011.12.13 21:47:26 | 000,000,000 | ---D | C] -- 
C:\Users\Andi\AppData\Local\Microsoft Help [2011.12.13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011.12.13 21:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.12.13 21:47:05 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.12.12 22:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drakensang - Am Fluss der Zeit [2011.12.12 22:38:50 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Adobe [2011.12.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.12.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.12.12 22:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.12.12 17:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.12.11 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Thunderbird [2011.12.11 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Thunderbird [2011.12.10 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Macromedia [2011.12.10 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Adobe [2011.12.10 17:35:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.12.10 17:20:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Opera [2011.12.10 17:20:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Opera [2011.12.10 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2011.12.10 17:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2011.12.10 17:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2011.12.10 17:05:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.12.10 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\InstallShield [2011.12.10 16:53:25 | 000,000,000 | ---D | C] -- 
C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ [2011.12.10 16:50:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.12.10 16:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.12.10 16:49:24 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\2DBoy [2011.12.10 16:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy [2011.12.10 16:47:06 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011.12.10 16:46:57 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011.12.10 16:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Goo [2011.12.10 13:50:15 | 000,000,000 | ---D | C] -- C:\Games to not install [2011.12.10 13:46:27 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Drakensang [2011.12.10 13:44:28 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Drakensang_TRoT [2011.12.10 13:44:24 | 000,000,000 | ---D | C] -- C:\saves [2007.04.09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2007.04.09 11:19:16 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe ========== Files - Modified Within 30 Days ========== [2012.01.05 23:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe [2012.01.05 23:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Andi\defogger_reenable [2012.01.05 23:49:02 | 000,050,477 | ---- | M] () -- C:\Users\Andi\Desktop\Defogger.exe [2012.01.05 22:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.05 17:08:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.05 17:08:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.05 17:08:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.05 17:08:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat 
[2012.01.05 17:08:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.05 16:49:28 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 16:49:28 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 16:42:06 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2012.01.05 01:40:01 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx [2012.01.05 01:40:01 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx [2012.01.05 01:40:01 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx [2012.01.05 01:40:01 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx [2012.01.05 01:40:01 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx [2012.01.04 18:43:15 | 000,001,040 | ---- | M] () -- C:\Users\Andi\Desktop\Dropbox.lnk [2012.01.04 18:39:28 | 000,001,020 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.04 00:30:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe [2012.01.02 17:36:09 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.02 17:34:36 | 000,009,658 | ---- | M] () -- C:\Users\Andi\Documents\cc_20120102_173432.reg [2012.01.02 17:05:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.02 16:57:21 | 000,000,212 | ---- | M] () -- C:\Users\Andi\Desktop\Orcs Must Die!.url [2011.12.30 02:37:47 | 000,198,426 | ---- | M] () -- 
C:\Users\Andi\Desktop\Ostafrika_Flyer_Schirmherrschaft_01.pdf [2011.12.28 15:12:33 | 000,000,201 | ---- | M] () -- C:\Users\Andi\Desktop\Might and Magic Heroes VI Demo.url [2011.12.28 14:28:34 | 000,005,120 | ---- | M] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.26 16:32:16 | 000,000,184 | ---- | M] () -- C:\Users\Andi\Desktop\Trine 2 Demo.url [2011.12.23 21:32:19 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Titan Quest - Immortal Throne.lnk [2011.12.23 21:20:34 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\Titan Quest.lnk [2011.12.23 18:53:09 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Free.lnk [2011.12.20 00:21:12 | 000,000,925 | ---- | M] () -- C:\Users\Andi\Desktop\Fall from Heaven 2.lnk [2011.12.18 18:42:10 | 000,000,661 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2011.12.18 17:17:01 | 000,000,726 | ---- | M] () -- C:\Users\Andi\Desktop\ArenaWars.lnk [2011.12.18 16:45:42 | 000,310,728 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011.12.18 16:23:50 | 000,000,575 | ---- | M] () -- C:\Users\Andi\Desktop\Serious Sam 2.lnk [2011.12.18 14:39:26 | 000,042,696 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011.12.18 14:05:16 | 000,049,964 | ---- | M] () -- C:\Windows\War3Unin.dat [2011.12.18 14:05:16 | 000,000,767 | ---- | M] () -- C:\Users\Andi\Desktop\Frozen Throne.lnk [2011.12.18 14:00:18 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2011.12.18 14:00:18 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif [2011.12.18 13:50:18 | 000,000,762 | ---- | M] () -- C:\Users\Andi\Desktop\Warcraft III.lnk [2011.12.18 13:26:14 | 000,029,104 | ---- | M] () -- C:\Windows\scunin.dat [2011.12.18 13:26:13 | 000,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe [2011.12.18 13:26:13 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif [2011.12.18 13:04:03 | 000,000,948 | ---- | M] () -- 
C:\Users\Andi\Desktop\Venetica.lnk [2011.12.18 12:28:54 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\BioShock.lnk [2011.12.18 12:26:44 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2011.12.16 15:59:36 | 000,340,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.12 22:46:21 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Drakensang - Am Fluss der Zeit.lnk [2011.12.11 16:41:03 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.11 07:40:04 | 595,550,200 | ---- | M] () -- C:\Users\Andi\Documents\Thunderbird 8.0 (en-US) - 2011-12-11.pcv [2011.12.10 17:23:18 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Soulstorm.lnk [2011.12.10 17:17:20 | 000,001,621 | ---- | M] () -- C:\Users\Public\Desktop\BattleForge™.lnk [2011.12.10 17:08:20 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.12.10 17:05:04 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Dark Crusade.lnk [2011.12.10 16:56:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.12.10 16:56:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.12.10 16:53:25 | 000,002,941 | ---- | M] () -- C:\Users\Andi\Desktop\Dawn of War.lnk [2011.12.10 16:53:25 | 000,002,935 | ---- | M] () -- C:\Users\Andi\Desktop\Winter Assault.lnk [2011.12.10 16:46:10 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk [2011.12.10 16:27:32 | 203,099,834 | ---- | M] () -- C:\Users\Andi\Documents\Firefox 8.0 (en-US) - 2011-12-10.pcv [2011.12.10 15:33:48 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.01.05 23:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Andi\defogger_reenable [2012.01.05 23:49:01 | 000,050,477 | ---- | C] 
() -- C:\Users\Andi\Desktop\Defogger.exe [2012.01.04 18:43:15 | 000,001,040 | ---- | C] () -- C:\Users\Andi\Desktop\Dropbox.lnk [2012.01.04 18:39:28 | 000,001,020 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.03 18:41:46 | 000,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.01.03 18:16:09 | 000,002,043 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk [2012.01.02 17:36:09 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.01.02 17:34:33 | 000,009,658 | ---- | C] () -- C:\Users\Andi\Documents\cc_20120102_173432.reg [2012.01.02 17:05:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.02 14:58:44 | 000,000,212 | ---- | C] () -- C:\Users\Andi\Desktop\Orcs Must Die!.url [2011.12.30 02:37:46 | 000,198,426 | ---- | C] () -- C:\Users\Andi\Desktop\Ostafrika_Flyer_Schirmherrschaft_01.pdf [2011.12.28 14:27:30 | 000,005,120 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.27 20:07:24 | 000,000,201 | ---- | C] () -- C:\Users\Andi\Desktop\Might and Magic Heroes VI Demo.url [2011.12.26 16:32:16 | 000,000,184 | ---- | C] () -- C:\Users\Andi\Desktop\Trine 2 Demo.url [2011.12.23 21:32:19 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Titan Quest - Immortal Throne.lnk [2011.12.23 21:20:34 | 000,000,750 | ---- | C] () -- C:\Users\Public\Desktop\Titan Quest.lnk [2011.12.23 20:05:54 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2011.12.23 18:53:09 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Free.lnk [2011.12.20 00:21:12 | 000,000,925 | ---- | C] () -- C:\Users\Andi\Desktop\Fall from Heaven 2.lnk [2011.12.18 18:42:10 | 000,000,661 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011.12.18 17:17:01 | 000,000,726 | ---- | C] () -- 
C:\Users\Andi\Desktop\ArenaWars.lnk [2011.12.18 16:23:50 | 000,000,575 | ---- | C] () -- C:\Users\Andi\Desktop\Serious Sam 2.lnk [2011.12.18 14:39:26 | 000,310,728 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011.12.18 14:39:26 | 000,042,696 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011.12.18 14:05:16 | 000,000,767 | ---- | C] () -- C:\Users\Andi\Desktop\Frozen Throne.lnk [2011.12.18 13:50:18 | 000,000,762 | ---- | C] () -- C:\Users\Andi\Desktop\Warcraft III.lnk [2011.12.18 13:48:13 | 000,049,964 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.12.18 13:48:13 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif [2011.12.18 13:18:31 | 000,029,104 | ---- | C] () -- C:\Windows\scunin.dat [2011.12.18 13:18:30 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif [2011.12.18 13:04:03 | 000,000,948 | ---- | C] () -- C:\Users\Andi\Desktop\Venetica.lnk [2011.12.18 12:28:54 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\BioShock.lnk [2011.12.16 16:25:12 | 000,003,224 | ---- | C] () -- C:\Windows\SysNative\opnedef.str [2011.12.16 16:25:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\opnetext.gid [2011.12.16 16:25:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OPNETEXT.GID [2011.12.12 22:46:21 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Drakensang - Am Fluss der Zeit.lnk [2011.12.12 22:36:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.12.11 16:41:03 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.11 07:52:59 | 595,550,200 | ---- | C] () -- C:\Users\Andi\Documents\Thunderbird 8.0 (en-US) - 2011-12-11.pcv [2011.12.11 07:52:35 | 203,099,834 | ---- | C] () -- C:\Users\Andi\Documents\Firefox 8.0 (en-US) - 2011-12-10.pcv [2011.12.10 17:23:18 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Soulstorm.lnk [2011.12.10 17:17:20 | 000,001,621 | ---- | C] () -- C:\Users\Public\Desktop\BattleForge™.lnk 
[2011.12.10 17:14:27 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.12.10 17:08:20 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.12.10 17:08:20 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.12.10 17:05:04 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Dark Crusade.lnk [2011.12.10 16:56:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.12.10 16:56:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.12.10 16:53:25 | 000,002,941 | ---- | C] () -- C:\Users\Andi\Desktop\Dawn of War.lnk [2011.12.10 16:53:25 | 000,002,935 | ---- | C] () -- C:\Users\Andi\Desktop\Winter Assault.lnk [2011.12.10 16:47:33 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011.12.10 16:46:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011.12.10 16:46:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011.12.10 16:46:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011.12.10 16:46:34 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011.12.10 16:46:33 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2011.12.10 16:46:10 | 000,000,738 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk [2011.10.20 19:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll 
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.10.12 23:20:06 | 000,151,417 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2007.04.12 07:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll [2007.04.09 11:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2007.04.09 11:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2007.04.09 11:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll [2007.04.09 11:32:32 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe [2007.04.09 11:24:30 | 000,325,821 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2007.04.09 11:24:30 | 000,046,273 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2007.04.09 11:19:20 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat [2007.04.09 11:19:20 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat [2007.04.09 11:19:18 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2006.10.02 08:25:18 | 
000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2005.06.16 09:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll ========== LOP Check ========== [2012.01.03 18:16:09 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\1&1 Mail & Media GmbH [2011.12.18 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Bioshock [2012.01.03 18:41:50 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited [2012.01.05 17:16:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Dropbox [2011.12.10 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Opera [2011.12.30 03:57:24 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Orbit [2011.12.28 14:37:45 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ProgSense [2011.12.11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Thunderbird [2009.07.14 06:08:49 | 000,016,254 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.10.20 21:08:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.12.11 06:47:23 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.10.20 21:08:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.12.10 14:02:20 | 000,000,000 | ---D | M] -- C:\Games to not install [2011.12.13 21:47:05 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.03 18:19:07 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.04 00:30:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.01.03 18:53:50 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.10.20 21:08:15 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.20 21:08:15 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.10.31 17:57:21 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.12.18 12:33:32 | 000,000,000 | ---D | M] -- C:\saves [2012.01.05 23:54:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.20 21:08:21 | 000,000,000 | R--D | M] -- C:\Users [2012.01.05 17:34:34 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 
000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 
000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.01.2012 23:53:28 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andi\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,73% Memory free 8,00 Gb Paging File | 6,24 Gb Available in Paging File | 78,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 56,68 Gb Free Space | 47,54% Space Free | Partition Type: NTFS Drive D: | 179,61 Gb Total Space | 64,17 Gb Free Space | 35,73% Space Free | Partition Type: NTFS Drive H: | 254,38 Gb Total Space | 83,18 Gb Free Space | 32,70% Space Free | Partition Type: NTFS Drive I: | 410,73 Gb Total Space | 186,80 Gb Free Space | 45,48% Space Free | Partition Type: NTFS Drive K: | 20,26 Gb Total Space | 11,08 Gb Free Space | 54,69% Space Free | Partition Type: NTFS Drive L: | 5,47 Gb Total Space | 4,15 Gb Free Space | 75,87% Space Free | Partition Type: NTFS Drive P: | 48,83 Gb Total Space | 26,67 Gb Free Space | 54,62% Space Free | Partition Type: NTFS Drive Q: | 7,67 Gb Total Space | 0,45 Gb Free Space | 5,92% Space Free | Partition Type: FAT32 Drive W: | 88,02 Gb Total Space | 24,96 Gb Free Space | 28,36% Space Free | Partition Type: NTFS Computer Name: TABULARASA | User Name: Andi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [PlayWithVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 11 Free "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = 
Microsoft Silverlight "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX 
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™ "{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition "{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable "{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Conan_is1" = Age of Conan: Unchained "ArenaWars" = ArenaWars "Avira AntiVir Desktop" = Avira Free Antivirus "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.2 "InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OnlineFotoservice" = OnlineFotoservice "Opera 11.60.1185" = Opera 11.60 "SeriousSam2" = Serious Sam 2 "Starcraft" = Starcraft "Steam App 10" = Counter-Strike "Steam App 102600" = Orcs Must Die! 
"Steam App 204260" = Trine 2 Demo
"Steam App 48280" = Might and Magic Heroes VI Demo
"Steam App 65900" = Sid Meier's Civilization V - Demo
"Venetica_is1" = Venetica
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.01.2012 11:36:52 | Computer Name = Tabularasa | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 8.0.1.4341, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: af0 Start time: 01ccca2d5ba37b43 End time: 31 Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report ID: bebd2fe4-3620-11e1-a549-002185618301

Error - 03.01.2012 12:31:05 | Computer Name = Tabularasa | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 8.0.1.4341, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: fa0 Start time: 01ccca34e1326ccc End time: 15 Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report ID: 4a9543a6-3628-11e1-a549-002185618301

Error - 03.01.2012 12:32:59 | Computer Name = Tabularasa | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 8.0.1.4341, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 9f0 Start time: 01ccca3518376922 End time: 16 Application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report ID: 9637c93c-3628-11e1-a549-002185618301

Error - 03.01.2012 19:30:14 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "P:\Downloads\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 03.01.2012 19:30:28 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 03.01.2012 19:30:29 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 03.01.2012 19:30:29 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 03.01.2012 19:30:33 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 04.01.2012 13:39:23 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 04.01.2012 16:23:20 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 04.01.2012 18:32:53 | Computer Name = Tabularasa | Source = bowser | ID = 8003
Description =

Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 05.01.2012 11:42:24 | Computer Name = Tabularasa | Source = Application Popup | ID = 875
Description = Driver atksgt.sys could not be loaded.

Error - 05.01.2012 11:42:24 | Computer Name = Tabularasa | Source = Service Control Manager | ID = 7000
Description = The "atksgt" service failed to start due to the following error: %%1275

Error - 05.01.2012 17:34:17 | Computer Name = Tabularasa | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the lmhosts service.

Error - 05.01.2012 17:34:18 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 05.01.2012 17:34:18 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

I hope everything is right now. Thanks for your patience! |
06.01.2012, 13:14 | #6 |
/// Selecta Jahrusso | BOO/whistler.A in the Master Boot Sector Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.
Please download TDSSKiller.exe and save this file to the desktop.
Please post in your next reply: aswMBR.txt and the TDSSKiller log
|
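An added example, not code from this thread or from AVAST: a small Python reader for lines in the aswMBR report format the helper asks for. It records which disks were enumerated, which of them actually received an MBR verdict and what the partition entries say, and it flags a disk that was listed but never got a verdict, which matters here because the Avira alert names HD2 while a report can carry a verdict for the boot disk only. The sample input is constructed from the values in the report posted in the next reply; the field and function names are this example's own.

```python
"""Reader for aswMBR report lines: which disks were enumerated, which of them
got an MBR verdict, and what the partition entries say (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed input in the aswMBR report format, using the values from the
# report posted in this thread; it is not the raw log file itself.
SAMPLE_REPORT = r"""
14:18:05.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
14:18:05.746 Disk 0 Vendor: M4-CT128M4SSD2 0009 Size: 122104MB BusType: 3
14:18:05.746 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
14:18:05.746 Disk 1 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
14:18:05.761 Disk 0 MBR read successfully
14:18:05.761 Disk 0 MBR scan
14:18:05.761 Disk 0 Windows 7 default MBR code
14:18:05.761 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122102 MB offset 2048
14:18:07.586 Scan finished successfully
"""

# Line shapes as they appear in the report (timestamp, then the message).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
DISK_RE = re.compile(r"^Disk (\d+)( \(boot\))? (\\Device\\\S+) -> \S+$")
VENDOR_RE = re.compile(r"^Disk (\d+) Vendor: (.+?) Size: (\d+)MB BusType: \d+$")
MBR_CODE_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) \([A-Z]\) ([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$"
)


@dataclass
class DiskReport:
    number: int
    boot: bool = False
    vendor: str = ""
    size_mb: int = 0
    mbr_code: Optional[str] = None  # verdict line, e.g. "Windows 7 default MBR code"
    partitions: List[dict] = field(default_factory=list)


@dataclass
class Report:
    disks: Dict[int, DiskReport] = field(default_factory=dict)
    finished: bool = False


def parse_report(text: str) -> Report:
    """Collect per-disk facts from the report; lines of other shapes are ignored."""
    rep = Report()

    def disk(n: str) -> DiskReport:
        return rep.disks.setdefault(int(n), DiskReport(number=int(n)))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg == "Scan finished successfully":
            rep.finished = True
        elif (d := DISK_RE.match(msg)):
            disk(d.group(1)).boot = d.group(2) is not None
        elif (v := VENDOR_RE.match(msg)):
            disk(v.group(1)).vendor = v.group(2)
            disk(v.group(1)).size_mb = int(v.group(3))
        elif (c := MBR_CODE_RE.match(msg)):
            disk(c.group(1)).mbr_code = c.group(2)
        elif (p := PART_RE.match(msg)):
            disk(p.group(1)).partitions.append({
                "index": int(p.group(2)),
                "active": p.group(3).upper() == "80",  # 0x80 = bootable flag
                "type": p.group(4),
                "desc": p.group(5),
                "size_mb": int(p.group(6)),
                "offset": int(p.group(7)),
            })
    return rep


def report_findings(rep: Report) -> List[str]:
    """The points a reader should raise before calling the MBR clean."""
    out: List[str] = []
    if not rep.finished:
        out.append("no 'Scan finished successfully' line; report is incomplete")
    for n, d in sorted(rep.disks.items()):
        label = f"Disk {n} ({d.vendor or 'unknown vendor'})"
        if d.mbr_code is None:
            # A disk that was enumerated but never got a verdict is not cleared
            # by this report; an AV alert on it still needs its own MBR check.
            out.append(f"{label}: no MBR verdict in this report")
        elif "default MBR code" not in d.mbr_code:
            out.append(f"{label}: MBR code reported as '{d.mbr_code}'")
        if d.boot and not any(p["active"] for p in d.partitions):
            out.append(f"{label}: boot disk without an active partition entry")
    return out
```

Run on the sample it reports only Disk 1 as lacking a verdict, which is the disk to check next before relying on the boot disk's "default MBR code" line.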
06.01.2012, 14:25 | #7 |
| BOO/whistler.A in the Master Boot Sector Hello, aswMBR.txt Code:
aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 14:16:11
-----------------------------
14:16:11.265 OS Version: Windows x64 6.1.7601 Service Pack 1
14:16:11.265 Number of processors: 4 586 0xF0B
14:16:11.265 ComputerName: TABULARASA UserName: Andi
14:16:11.437 Initialize success
14:18:05.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
14:18:05.746 Disk 0 Vendor: M4-CT128M4SSD2 0009 Size: 122104MB BusType: 3
14:18:05.746 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
14:18:05.746 Disk 1 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
14:18:05.761 Disk 0 MBR read successfully
14:18:05.761 Disk 0 MBR scan
14:18:05.761 Disk 0 Windows 7 default MBR code
14:18:05.761 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122102 MB offset 2048
14:18:05.777 Service scanning
14:18:07.555 Modules scanning
14:18:07.555 Disk 0 trace - called modules:
14:18:07.555 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:18:07.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044d1060]
14:18:07.571 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80042d8520]
14:18:07.571 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-7[0xfffffa80042d7060]
14:18:07.586 Scan finished successfully
14:18:40.112 Disk 0 MBR has been saved successfully to "C:\Users\Andi\Desktop\MBR.dat"
14:18:40.112 The log file has been saved successfully to "C:\Users\Andi\Desktop\aswMBR.txt"
Code:
(86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 14:22:09.0416 2680 vmbus - ok 14:22:09.0432 2680 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 14:22:09.0432 2680 VMBusHID - ok 14:22:09.0432 2680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:22:09.0432 2680 volmgr - ok 14:22:09.0448 2680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:22:09.0448 2680 volmgrx - ok 14:22:09.0463 2680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:22:09.0463 2680 volsnap - ok 14:22:09.0479 2680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:22:09.0479 2680 vsmraid - ok 14:22:09.0494 2680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:22:09.0494 2680 vwifibus - ok 14:22:09.0494 2680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:22:09.0494 2680 WacomPen - ok 14:22:09.0510 2680 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:22:09.0510 2680 WANARP - ok 14:22:09.0510 2680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:22:09.0510 2680 Wanarpv6 - ok 14:22:09.0526 2680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:22:09.0526 2680 Wd - ok 14:22:09.0541 2680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:22:09.0557 2680 Wdf01000 - ok 14:22:09.0572 2680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:22:09.0572 2680 WfpLwf - ok 14:22:09.0588 2680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:22:09.0588 2680 WIMMount - ok 14:22:09.0604 2680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 14:22:09.0619 2680 WmiAcpi - ok 14:22:09.0635 2680 ws2ifsl 
(6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:22:09.0635 2680 ws2ifsl - ok
14:22:09.0650 2680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:22:09.0650 2680 WudfPf - ok
14:22:09.0666 2680 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:09.0666 2680 WUDFRd - ok
14:22:09.0666 2680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:22:09.0682 2680 \Device\Harddisk0\DR0 - ok
14:22:09.0697 2680 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1
14:22:09.0869 2680 \Device\Harddisk1\DR1 - ok
14:22:09.0869 2680 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR2
14:22:10.0009 2680 \Device\Harddisk2\DR2 - ok
14:22:10.0025 2680 MBR (0x1B8) (b34931cb5ab4a551cc4ef3fcaac10b1a) \Device\Harddisk3\DR3
14:22:10.0025 2680 \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - infected
14:22:10.0025 2680 \Device\Harddisk3\DR3 - detected Rootkit.Boot.Wistler.a (0)
14:22:10.0025 2680 Boot (0x1200) (adfa03575b4f3b6e35e0e54bea89876f) \Device\Harddisk0\DR0\Partition0
14:22:10.0025 2680 \Device\Harddisk0\DR0\Partition0 - ok
14:22:10.0025 2680 Boot (0x1200) (1b61523b98189e689985a3a6cd0d5445) \Device\Harddisk1\DR1\Partition0
14:22:10.0025 2680 \Device\Harddisk1\DR1\Partition0 - ok
14:22:10.0025 2680 Boot (0x1200) (3f52d85a74d8a5c8c2afaae97e450f83) \Device\Harddisk2\DR2\Partition0
14:22:10.0040 2680 \Device\Harddisk2\DR2\Partition0 - ok
14:22:10.0040 2680 Boot (0x1200) (35d02c479305b3c726e9c4dae215acfe) \Device\Harddisk3\DR3\Partition0
14:22:10.0040 2680 \Device\Harddisk3\DR3\Partition0 - ok
14:22:10.0040 2680 Boot (0x1200) (7b3d212cdfe9dac44140a512d9a5fb3c) \Device\Harddisk3\DR3\Partition1
14:22:10.0040 2680 \Device\Harddisk3\DR3\Partition1 - ok
14:22:10.0040 2680 Boot (0x1200) (5146ef7a5568af38a5488467ea96d4b0) \Device\Harddisk3\DR3\Partition2
14:22:10.0040 2680 \Device\Harddisk3\DR3\Partition2 - ok
14:22:10.0040 2680 ============================================================
14:22:10.0040 2680 Scan finished
14:22:10.0040 2680 ============================================================
14:22:10.0056 0712 Detected object count: 1
14:22:10.0056 0712 Actual detected object count: 1
14:22:26.0951 0712 \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - skipped by user
14:22:26.0951 0712 \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
14:22:47.0730 4016 Deinitialize success
The detections that Avira reports to me are from the 3 partitions of my external hard drive (I, K, L). Many thanks for your help! Regards, Andreas |
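The MBR section at the end of the log above is the part that matters for this thread: TDSSKiller hashes the MBR of every physical disk and the boot sector of every partition, and flags only \Device\Harddisk3\DR3, the external drive whose three partitions (I, K, L) Avira was complaining about, while all partition boot sectors are reported ok. The Python below is an added example, not code from the thread or from Kaspersky's TDSSKiller. It parses those lines into a per-device verdict and then shows, on a constructed pair of MBR images, why a boot-code infection changes the code-area hash while the partition table, and so the mounted volumes, stays intact. The log line format and the reading of "(0x1B8)" as the number of leading MBR bytes that are hashed (the bootstrap code area before the disk signature and partition table) are inferred from the posted lines; the sample boot-code bytes are made up.

```python
"""TDSSKiller MBR/boot-sector log triage and a look at what the "MBR (0x1B8)"
hash covers. Added example for this thread; not Kaspersky's TDSSKiller code."""
import hashlib
import re
import struct
from typing import Dict, List, NamedTuple, Optional, Tuple

# Entry line:   <time> <tid> MBR (0x1B8) (<md5>) \Device\HarddiskN\DRN
# Verdict line: <time> <tid> \Device\... [( <threat> )] - ok|infected|detected <threat> (n)
# Both patterns are inferred from the lines posted in this thread (assumption).
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")
VERDICT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<dev>\\Device\\\S+)(?: \( (?P<name>\S+) \))?"
    r" - (?P<verdict>ok|infected|detected \S+).*$")

# Sample input: lines copied from the TDSSKiller log above, one entry per line.
SAMPLE_LOG = r"""
14:22:09.0666 2680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:22:09.0682 2680 \Device\Harddisk0\DR0 - ok
14:22:10.0025 2680 MBR (0x1B8) (b34931cb5ab4a551cc4ef3fcaac10b1a) \Device\Harddisk3\DR3
14:22:10.0025 2680 \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - infected
14:22:10.0025 2680 \Device\Harddisk3\DR3 - detected Rootkit.Boot.Wistler.a (0)
14:22:10.0025 2680 Boot (0x1200) (adfa03575b4f3b6e35e0e54bea89876f) \Device\Harddisk0\DR0\Partition0
14:22:10.0025 2680 \Device\Harddisk0\DR0\Partition0 - ok
14:22:10.0040 2680 Boot (0x1200) (35d02c479305b3c726e9c4dae215acfe) \Device\Harddisk3\DR3\Partition0
14:22:10.0040 2680 \Device\Harddisk3\DR3\Partition0 - ok
"""

class Sector(NamedTuple):
    kind: str            # "MBR" (whole disk) or "Boot" (partition boot sector)
    hashed_bytes: int    # the length in parentheses, e.g. 0x1B8
    md5: str
    verdict: str         # "ok", "infected" or "unknown" (no verdict line seen)
    threat: Optional[str]

def parse_tdsskiller(log: str) -> Dict[str, Sector]:
    """Map each \\Device\\... object to its hash and final verdict."""
    found: Dict[str, Sector] = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            found[m["dev"]] = Sector(m["kind"], int(m["size"], 16), m["md5"], "unknown", None)
            continue
        m = VERDICT_RE.match(line)
        if not m or m["dev"] not in found:
            continue
        cur, verdict = found[m["dev"]], m["verdict"]
        if verdict == "infected":
            found[m["dev"]] = cur._replace(verdict="infected", threat=m["name"])
        elif verdict.startswith("detected "):
            found[m["dev"]] = cur._replace(verdict="infected", threat=verdict.split()[1])
        elif cur.verdict == "unknown":      # a later "ok" never downgrades "infected"
            found[m["dev"]] = cur._replace(verdict="ok")
    return found

def infected_devices(found: Dict[str, Sector]) -> List[str]:
    return sorted(dev for dev, s in found.items() if s.verdict == "infected")

# MBR layout: 0x000-0x1B7 bootstrap code, 0x1B8 disk signature, 0x1BE partition
# table (4 x 16 bytes), 0x1FE signature 55 AA. Treating "(0x1B8)" as the number
# of leading bytes TDSSKiller hashes, i.e. the code area only, is an assumption.
MBR_CODE_LEN = 0x1B8

def mbr_code_md5(mbr: bytes) -> str:
    if len(mbr) != 512 or mbr[510:] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with 55 AA signature")
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()

def mbr_partitions(mbr: bytes) -> List[Tuple[int, int, int, int]]:
    """(slot, type, first LBA, sector count) for each used partition entry."""
    table = []
    for slot in range(4):
        off = 0x1BE + 16 * slot
        ptype = mbr[off + 4]
        if ptype:
            lba, count = struct.unpack_from("<II", mbr, off + 8)
            table.append((slot, ptype, lba, count))
    return table

def build_mbr(code: bytes, parts: List[Tuple[int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and (type, lba, count) entries."""
    buf = bytearray(512)
    buf[:len(code)] = code
    for slot, (ptype, lba, count) in enumerate(parts):
        off = 0x1BE + 16 * slot
        buf[off + 4] = ptype
        struct.pack_into("<II", buf, off + 8, lba, count)
    buf[510:] = b"\x55\xAA"
    return bytes(buf)

def demo_mbrs() -> Tuple[bytes, bytes]:
    """Constructed clean vs. patched MBR sharing one identical partition table."""
    parts = [(0x07, 2048, 0x10000)]                       # one NTFS-type partition
    clean = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64, parts)
    bad = build_mbr(b"\xEA\x00\x7C\x00\x00" + b"\x90" * 64, parts)  # only the code differs
    return clean, bad

if __name__ == "__main__":
    for dev, s in sorted(parse_tdsskiller(SAMPLE_LOG).items()):
        print(f"{s.kind:<4} {dev:<36} {s.md5} {s.verdict}", s.threat or "")
    clean, bad = demo_mbrs()
    print("partition tables identical:", mbr_partitions(clean) == mbr_partitions(bad))
    print("code-area hashes identical:", mbr_code_md5(clean) == mbr_code_md5(bad))
```

Run stand-alone it lists one infected object (Harddisk3's MBR) and reports that the two constructed images have identical partition tables but different code-area hashes. That is exactly the situation in the post: the drive mounts and the partitions' own boot sectors verify ok, so nothing looks broken, yet the first 440 bytes that the BIOS executes from that disk are no longer the stock boot code. Pass a real 512-byte dump of \\.\PhysicalDrive3 to mbr_code_md5 to compare against the value in the log (whether TDSSKiller hashes exactly those bytes is, again, an assumption).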
06.01.2012, 17:51 | #8 | |
/// Selecta Jahrusso | BOO/whistler.A in the master boot sector Start TDSSKiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator"
For example: C:\TDSSKiller.<version_date_time>log.txt Please post its contents here in your thread. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you receive the following error message after the restart Quote:
Please post in your next reply: TDSSKiller log Combofix.txt
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
06.01.2012, 20:34 | #9 |
| BOO/whistler.A in the master boot sector TDSSKiller - no automatic reboot was performed, so I carried it out manually - an installed bootloader was disabled Code:
ATTFilter 19:17:20.0980 1176 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 19:17:21.0043 1176 ============================================================ 19:17:21.0043 1176 Current date / time: 2012/01/06 19:17:21.0043 19:17:21.0043 1176 SystemInfo: 19:17:21.0043 1176 19:17:21.0043 1176 OS Version: 6.1.7601 ServicePack: 1.0 19:17:21.0043 1176 Product type: Workstation 19:17:21.0043 1176 ComputerName: TABULARASA 19:17:21.0043 1176 UserName: Andi 19:17:21.0043 1176 Windows directory: C:\Windows 19:17:21.0043 1176 System windows directory: C:\Windows 19:17:21.0043 1176 Running under WOW64 19:17:21.0043 1176 Processor architecture: Intel x64 19:17:21.0043 1176 Number of processors: 4 19:17:21.0043 1176 Page size: 0x1000 19:17:21.0043 1176 Boot type: Normal boot 19:17:21.0043 1176 ============================================================ 19:17:28.0110 1176 Initialize success 19:17:50.0199 2400 ============================================================ 19:17:50.0199 2400 Scan started 19:17:50.0199 2400 Mode: Manual; 19:17:50.0199 2400 ============================================================ 19:17:50.0371 2400 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 19:17:50.0387 2400 1394ohci - ok 19:17:50.0387 2400 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 19:17:50.0387 2400 ACPI - ok 19:17:50.0402 2400 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 19:17:50.0402 2400 AcpiPmi - ok 19:17:50.0418 2400 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:17:50.0418 2400 adp94xx - ok 19:17:50.0433 2400 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:17:50.0433 2400 adpahci - ok 19:17:50.0449 2400 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:17:50.0449 2400 adpu320 - ok 19:17:50.0465 2400 AFD (d5b031c308a409a0a576bff4cf083d30) 
C:\Windows\system32\drivers\afd.sys 19:17:50.0465 2400 AFD - ok 19:17:50.0480 2400 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 19:17:50.0480 2400 agp440 - ok 19:17:50.0480 2400 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 19:17:50.0480 2400 aliide - ok 19:17:50.0496 2400 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 19:17:50.0496 2400 amdide - ok 19:17:50.0511 2400 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:17:50.0511 2400 AmdK8 - ok 19:17:50.0511 2400 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:17:50.0511 2400 AmdPPM - ok 19:17:50.0527 2400 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 19:17:50.0527 2400 amdsata - ok 19:17:50.0543 2400 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:17:50.0543 2400 amdsbs - ok 19:17:50.0543 2400 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 19:17:50.0543 2400 amdxata - ok 19:17:50.0558 2400 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 19:17:50.0558 2400 AppID - ok 19:17:50.0574 2400 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:17:50.0574 2400 arc - ok 19:17:50.0589 2400 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:17:50.0589 2400 arcsas - ok 19:17:50.0589 2400 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:17:50.0589 2400 AsyncMac - ok 19:17:50.0605 2400 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 19:17:50.0605 2400 atapi - ok 19:17:50.0667 2400 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys 19:17:50.0699 2400 atikmdag - ok 19:17:50.0714 2400 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys 
19:17:50.0714 2400 atksgt - ok 19:17:50.0730 2400 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 19:17:50.0730 2400 avgntflt - ok 19:17:50.0730 2400 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys 19:17:50.0730 2400 avipbb - ok 19:17:50.0745 2400 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 19:17:50.0745 2400 avkmgr - ok 19:17:50.0761 2400 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:17:50.0761 2400 b06bdrv - ok 19:17:50.0777 2400 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:17:50.0777 2400 b57nd60a - ok 19:17:50.0792 2400 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:17:50.0792 2400 Beep - ok 19:17:50.0792 2400 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:17:50.0808 2400 blbdrive - ok 19:17:50.0808 2400 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 19:17:50.0808 2400 bowser - ok 19:17:50.0823 2400 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:17:50.0823 2400 BrFiltLo - ok 19:17:50.0823 2400 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:17:50.0823 2400 BrFiltUp - ok 19:17:50.0839 2400 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:17:50.0839 2400 Brserid - ok 19:17:50.0855 2400 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:17:50.0855 2400 BrSerWdm - ok 19:17:50.0855 2400 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:17:50.0855 2400 BrUsbMdm - ok 19:17:50.0870 2400 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:17:50.0870 2400 BrUsbSer - ok 19:17:50.0870 2400 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) 
C:\Windows\system32\DRIVERS\bthmodem.sys 19:17:50.0870 2400 BTHMODEM - ok 19:17:50.0886 2400 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:17:50.0886 2400 cdfs - ok 19:17:50.0901 2400 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 19:17:50.0901 2400 cdrom - ok 19:17:50.0917 2400 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:17:50.0917 2400 circlass - ok 19:17:50.0933 2400 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:17:50.0933 2400 CLFS - ok 19:17:50.0948 2400 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:17:50.0948 2400 CmBatt - ok 19:17:50.0948 2400 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 19:17:50.0948 2400 cmdide - ok 19:17:50.0964 2400 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 19:17:50.0964 2400 CNG - ok 19:17:50.0979 2400 COMMONFX.DLL (66ac4fdad5a2d4ff4e3db41810b39de2) C:\Windows\system32\COMMONFX.DLL 19:17:50.0979 2400 COMMONFX.DLL - ok 19:17:50.0979 2400 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:17:50.0979 2400 Compbatt - ok 19:17:50.0995 2400 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 19:17:50.0995 2400 CompositeBus - ok 19:17:51.0011 2400 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:17:51.0011 2400 crcdisk - ok 19:17:51.0026 2400 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 19:17:51.0026 2400 CSC - ok 19:17:51.0042 2400 CT20XUT.DLL (01bbd5cb85423b12e445209d243a49a9) C:\Windows\system32\CT20XUT.DLL 19:17:51.0042 2400 CT20XUT.DLL - ok 19:17:51.0057 2400 ctac32k (b81c989c6d3b770f44316a3dc5f607b3) C:\Windows\system32\drivers\ctac32k.sys 19:17:51.0057 2400 ctac32k - ok 19:17:51.0073 2400 ctaud2k (7321bd704cc3b34b78f8574e64258f39) 
C:\Windows\system32\drivers\ctaud2k.sys 19:17:51.0089 2400 ctaud2k - ok 19:17:51.0104 2400 CTAUDFX.DLL (e873319f281115ebea75e519c5b4d0c4) C:\Windows\system32\CTAUDFX.DLL 19:17:51.0104 2400 CTAUDFX.DLL - ok 19:17:51.0104 2400 CTEAPSFX.DLL (06300545bedf49b6a51fdfe1861f9caf) C:\Windows\system32\CTEAPSFX.DLL 19:17:51.0104 2400 CTEAPSFX.DLL - ok 19:17:51.0120 2400 CTEDSPFX.DLL (2d902f8ec247f0ed0d458cdcaf786544) C:\Windows\system32\CTEDSPFX.DLL 19:17:51.0120 2400 CTEDSPFX.DLL - ok 19:17:51.0135 2400 CTEDSPIO.DLL (0d3f99cda2bea14e4911a698441f1a29) C:\Windows\system32\CTEDSPIO.DLL 19:17:51.0135 2400 CTEDSPIO.DLL - ok 19:17:51.0151 2400 CTEDSPSY.DLL (9d26aa450ac1caadde25f1621ba89842) C:\Windows\system32\CTEDSPSY.DLL 19:17:51.0151 2400 CTEDSPSY.DLL - ok 19:17:51.0151 2400 CTERFXFX.DLL (e5f88dad5ec69665dfa3e5e87791f800) C:\Windows\system32\CTERFXFX.DLL 19:17:51.0167 2400 CTERFXFX.DLL - ok 19:17:51.0182 2400 CTEXFIFX.DLL (fa6dca331835997d2f7c83b9aaabc4bb) C:\Windows\system32\CTEXFIFX.DLL 19:17:51.0198 2400 CTEXFIFX.DLL - ok 19:17:51.0198 2400 CTHWIUT.DLL (9e6a0a3ca3825bb568d42f5f3cb09453) C:\Windows\system32\CTHWIUT.DLL 19:17:51.0198 2400 CTHWIUT.DLL - ok 19:17:51.0213 2400 ctprxy2k (6a05134810301fa6fdd6e95583a91f35) C:\Windows\system32\drivers\ctprxy2k.sys 19:17:51.0213 2400 ctprxy2k - ok 19:17:51.0229 2400 CTSBLFX.DLL (99047fcebab495410cd58ab17284720a) C:\Windows\system32\CTSBLFX.DLL 19:17:51.0229 2400 CTSBLFX.DLL - ok 19:17:51.0245 2400 ctsfm2k (f792246cf9d8ee17f2b32e9069415cdd) C:\Windows\system32\drivers\ctsfm2k.sys 19:17:51.0245 2400 ctsfm2k - ok 19:17:51.0260 2400 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 19:17:51.0260 2400 DfsC - ok 19:17:51.0260 2400 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:17:51.0276 2400 discache - ok 19:17:51.0276 2400 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:17:51.0276 2400 Disk - ok 19:17:51.0291 2400 drmkaud 
(9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:17:51.0291 2400 drmkaud - ok 19:17:51.0307 2400 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 19:17:51.0323 2400 DXGKrnl - ok 19:17:51.0354 2400 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:17:51.0369 2400 ebdrv - ok 19:17:51.0401 2400 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:17:51.0401 2400 elxstor - ok 19:17:51.0416 2400 emupia (1e2f860d9521fb73566c85cd17d58291) C:\Windows\system32\drivers\emupia2k.sys 19:17:51.0416 2400 emupia - ok 19:17:51.0416 2400 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 19:17:51.0416 2400 ErrDev - ok 19:17:51.0432 2400 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:17:51.0432 2400 exfat - ok 19:17:51.0447 2400 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:17:51.0447 2400 fastfat - ok 19:17:51.0463 2400 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:17:51.0463 2400 fdc - ok 19:17:51.0479 2400 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:17:51.0479 2400 FileInfo - ok 19:17:51.0479 2400 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:17:51.0479 2400 Filetrace - ok 19:17:51.0494 2400 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:17:51.0494 2400 flpydisk - ok 19:17:51.0510 2400 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 19:17:51.0510 2400 FltMgr - ok 19:17:51.0510 2400 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:17:51.0525 2400 FsDepends - ok 19:17:51.0525 2400 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:17:51.0525 2400 Fs_Rec - ok 19:17:51.0541 2400 fvevol 
(1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:17:51.0541 2400 fvevol - ok 19:17:51.0541 2400 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:17:51.0541 2400 gagp30kx - ok 19:17:51.0572 2400 ha10kx2k (b3f220ad6eeddc2546780b84a8919b7a) C:\Windows\system32\drivers\ha10kx2k.sys 19:17:51.0588 2400 ha10kx2k - ok 19:17:51.0588 2400 hap16v2k (5d6aec608b871cc2c724114f34cad3c8) C:\Windows\system32\drivers\hap16v2k.sys 19:17:51.0603 2400 hap16v2k - ok 19:17:51.0603 2400 hap17v2k (b95ba8d7ea73a47fac3a59cf4a3b3043) C:\Windows\system32\drivers\hap17v2k.sys 19:17:51.0603 2400 hap17v2k - ok 19:17:51.0619 2400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:17:51.0619 2400 hcw85cir - ok 19:17:51.0635 2400 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 19:17:51.0635 2400 HdAudAddService - ok 19:17:51.0635 2400 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 19:17:51.0635 2400 HDAudBus - ok 19:17:51.0650 2400 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:17:51.0650 2400 HidBatt - ok 19:17:51.0666 2400 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:17:51.0666 2400 HidBth - ok 19:17:51.0666 2400 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:17:51.0666 2400 HidIr - ok 19:17:51.0681 2400 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 19:17:51.0681 2400 HidUsb - ok 19:17:51.0697 2400 hotcore3 (5e626ea93c77825c56e6fbc2fd5e5de5) C:\Windows\system32\DRIVERS\hotcore3.sys 19:17:51.0697 2400 hotcore3 - ok 19:17:51.0713 2400 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 19:17:51.0713 2400 HpSAMD - ok 19:17:51.0728 2400 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 19:17:51.0728 2400 HTTP - ok 
19:17:51.0728 2400 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 19:17:51.0744 2400 hwpolicy - ok 19:17:51.0744 2400 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 19:17:51.0744 2400 i8042prt - ok 19:17:51.0759 2400 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 19:17:51.0759 2400 iaStorV - ok 19:17:51.0775 2400 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:17:51.0775 2400 iirsp - ok 19:17:51.0791 2400 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 19:17:51.0791 2400 intelide - ok 19:17:51.0791 2400 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:17:51.0791 2400 intelppm - ok 19:17:51.0806 2400 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:17:51.0806 2400 IpFilterDriver - ok 19:17:51.0822 2400 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 19:17:51.0822 2400 IPMIDRV - ok 19:17:51.0822 2400 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:17:51.0822 2400 IPNAT - ok 19:17:51.0837 2400 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:17:51.0837 2400 IRENUM - ok 19:17:51.0853 2400 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 19:17:51.0853 2400 isapnp - ok 19:17:51.0853 2400 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 19:17:51.0853 2400 iScsiPrt - ok 19:17:51.0869 2400 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 19:17:51.0869 2400 kbdclass - ok 19:17:51.0884 2400 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 19:17:51.0884 2400 kbdhid - ok 19:17:51.0884 2400 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 
19:17:51.0884 2400 KSecDD - ok 19:17:51.0900 2400 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 19:17:51.0900 2400 KSecPkg - ok 19:17:51.0915 2400 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:17:51.0915 2400 ksthunk - ok 19:17:51.0931 2400 lirsgt (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys 19:17:51.0931 2400 lirsgt - ok 19:17:51.0931 2400 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:17:51.0931 2400 lltdio - ok 19:17:51.0947 2400 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:17:51.0947 2400 LSI_FC - ok 19:17:51.0962 2400 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:17:51.0962 2400 LSI_SAS - ok 19:17:51.0978 2400 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:17:51.0978 2400 LSI_SAS2 - ok 19:17:51.0978 2400 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:17:51.0978 2400 LSI_SCSI - ok 19:17:51.0993 2400 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:17:51.0993 2400 luafv - ok 19:17:51.0993 2400 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 19:17:52.0009 2400 MBAMProtector - ok 19:17:52.0009 2400 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:17:52.0009 2400 megasas - ok 19:17:52.0025 2400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:17:52.0025 2400 MegaSR - ok 19:17:52.0040 2400 MHIKEY10 (ba7e071e855d4c502916164a31b05d4d) C:\Windows\system32\Drivers\MHIKEY10x64.sys 19:17:52.0040 2400 MHIKEY10 - ok 19:17:52.0056 2400 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:17:52.0056 2400 Modem - ok 19:17:52.0056 2400 monitor (b03d591dc7da45ece20b3b467e6aadaa) 
C:\Windows\system32\DRIVERS\monitor.sys 19:17:52.0056 2400 monitor - ok 19:17:52.0071 2400 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 19:17:52.0071 2400 mouclass - ok 19:17:52.0071 2400 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:17:52.0071 2400 mouhid - ok 19:17:52.0087 2400 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 19:17:52.0087 2400 mountmgr - ok 19:17:52.0103 2400 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 19:17:52.0103 2400 mpio - ok 19:17:52.0103 2400 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:17:52.0103 2400 mpsdrv - ok 19:17:52.0118 2400 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 19:17:52.0118 2400 MRxDAV - ok 19:17:52.0134 2400 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:17:52.0134 2400 mrxsmb - ok 19:17:52.0149 2400 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:17:52.0149 2400 mrxsmb10 - ok 19:17:52.0149 2400 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:17:52.0149 2400 mrxsmb20 - ok 19:17:52.0181 2400 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 19:17:52.0181 2400 msahci - ok 19:17:52.0181 2400 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 19:17:52.0181 2400 msdsm - ok 19:17:52.0196 2400 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:17:52.0196 2400 Msfs - ok 19:17:52.0212 2400 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:17:52.0212 2400 mshidkmdf - ok 19:17:52.0227 2400 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 19:17:52.0227 2400 msisadrv - ok 19:17:52.0243 2400 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) 
C:\Windows\system32\drivers\MSKSSRV.sys
19:17:52.0243 2400 MSKSSRV - ok
19:17:52.0243 2400 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:17:52.0243 2400 MSPCLOCK - ok
19:17:52.0259 2400 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:17:52.0259 2400 MSPQM - ok
19:17:52.0274 2400 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:17:52.0274 2400 MsRPC - ok
19:17:52.0274 2400 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:17:52.0274 2400 mssmbios - ok
19:17:52.0290 2400 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:17:52.0290 2400 MSTEE - ok
19:17:52.0305 2400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:17:52.0305 2400 MTConfig - ok
19:17:52.0305 2400 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:17:52.0305 2400 Mup - ok
19:17:52.0321 2400 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:17:52.0321 2400 NativeWifiP - ok
19:17:52.0337 2400 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:17:52.0352 2400 NDIS - ok
19:17:52.0352 2400 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:17:52.0352 2400 NdisCap - ok
19:17:52.0368 2400 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:17:52.0368 2400 NdisTapi - ok
19:17:52.0383 2400 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:17:52.0383 2400 Ndisuio - ok
19:17:52.0383 2400 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:17:52.0383 2400 NdisWan - ok
19:17:52.0399 2400 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:17:52.0399 2400 NDProxy - ok
19:17:52.0415 2400 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:17:52.0415 2400 NetBIOS - ok
19:17:52.0415 2400 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:17:52.0415 2400 NetBT - ok
19:17:52.0430 2400 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:17:52.0446 2400 nfrd960 - ok
19:17:52.0446 2400 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:17:52.0446 2400 Npfs - ok
19:17:52.0461 2400 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:17:52.0461 2400 nsiproxy - ok
19:17:52.0493 2400 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:17:52.0493 2400 Ntfs - ok
19:17:52.0508 2400 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:17:52.0508 2400 Null - ok
19:17:52.0524 2400 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:17:52.0524 2400 nvraid - ok
19:17:52.0524 2400 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:17:52.0524 2400 nvstor - ok
19:17:52.0539 2400 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:17:52.0539 2400 nv_agp - ok
19:17:52.0555 2400 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:17:52.0555 2400 ohci1394 - ok
19:17:52.0571 2400 ossrv (678cc7dcf607bbd69a9f9333d39c2f1d) C:\Windows\system32\drivers\ctoss2k.sys
19:17:52.0571 2400 ossrv - ok
19:17:52.0586 2400 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:17:52.0586 2400 Parport - ok
19:17:52.0586 2400 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:17:52.0586 2400 partmgr - ok
19:17:52.0602 2400 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:17:52.0602 2400 pci - ok
19:17:52.0617 2400 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:17:52.0617 2400 pciide - ok
19:17:52.0617 2400 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:17:52.0617 2400 pcmcia - ok
19:17:52.0633 2400 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:17:52.0633 2400 pcw - ok
19:17:52.0649 2400 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:17:52.0649 2400 PEAUTH - ok
19:17:52.0680 2400 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:17:52.0680 2400 PptpMiniport - ok
19:17:52.0695 2400 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:17:52.0695 2400 Processor - ok
19:17:52.0711 2400 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:17:52.0711 2400 Psched - ok
19:17:52.0727 2400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:17:52.0742 2400 ql2300 - ok
19:17:52.0758 2400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:17:52.0758 2400 ql40xx - ok
19:17:52.0758 2400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:17:52.0758 2400 QWAVEdrv - ok
19:17:52.0773 2400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:17:52.0773 2400 RasAcd - ok
19:17:52.0789 2400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:17:52.0789 2400 RasAgileVpn - ok
19:17:52.0789 2400 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:52.0789 2400 Rasl2tp - ok
19:17:52.0805 2400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:52.0805 2400 RasPppoe - ok
19:17:52.0820 2400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:17:52.0820 2400 RasSstp - ok
19:17:52.0836 2400 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:17:52.0836 2400 rdbss - ok
19:17:52.0836 2400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:17:52.0836 2400 rdpbus - ok
19:17:52.0851 2400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:17:52.0851 2400 RDPCDD - ok
19:17:52.0867 2400 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:17:52.0867 2400 RDPDR - ok
19:17:52.0867 2400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:17:52.0867 2400 RDPENCDD - ok
19:17:52.0883 2400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:17:52.0883 2400 RDPREFMP - ok
19:17:52.0898 2400 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:17:52.0898 2400 RDPWD - ok
19:17:52.0914 2400 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:17:52.0914 2400 rdyboost - ok
19:17:52.0929 2400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:17:52.0929 2400 rspndr - ok
19:17:52.0945 2400 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:17:52.0945 2400 RTL8167 - ok
19:17:52.0961 2400 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:17:52.0961 2400 s3cap - ok
19:17:52.0961 2400 SASDIFSV - ok
19:17:52.0961 2400 SASKUTIL - ok
19:17:52.0976 2400 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:17:52.0976 2400 sbp2port - ok
19:17:52.0992 2400 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:17:52.0992 2400 scfilter - ok
19:17:53.0007 2400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:17:53.0007 2400 secdrv - ok
19:17:53.0023 2400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:17:53.0023 2400 Serenum - ok
19:17:53.0023 2400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:17:53.0023 2400 Serial - ok
19:17:53.0039 2400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:17:53.0039 2400 sermouse - ok
19:17:53.0054 2400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:17:53.0054 2400 sffdisk - ok
19:17:53.0070 2400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:17:53.0070 2400 sffp_mmc - ok
19:17:53.0070 2400 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:17:53.0070 2400 sffp_sd - ok
19:17:53.0085 2400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:17:53.0085 2400 sfloppy - ok
19:17:53.0101 2400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:17:53.0101 2400 SiSRaid2 - ok
19:17:53.0101 2400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:17:53.0117 2400 SiSRaid4 - ok
19:17:53.0117 2400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:17:53.0117 2400 Smb - ok
19:17:53.0132 2400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:17:53.0132 2400 spldr - ok
19:17:53.0148 2400 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:17:53.0163 2400 srv - ok
19:17:53.0163 2400 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:17:53.0179 2400 srv2 - ok
19:17:53.0179 2400 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:17:53.0179 2400 srvnet - ok
19:17:53.0195 2400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:17:53.0195 2400 stexstor - ok
19:17:53.0210 2400 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:17:53.0210 2400 storflt - ok
19:17:53.0226 2400 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:17:53.0226 2400 storvsc - ok
19:17:53.0226 2400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:17:53.0226 2400 swenum - ok
19:17:53.0273 2400 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:17:53.0273 2400 Tcpip - ok
19:17:53.0304 2400 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:17:53.0319 2400 TCPIP6 - ok
19:17:53.0319 2400 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:17:53.0319 2400 tcpipreg - ok
19:17:53.0335 2400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:17:53.0335 2400 TDPIPE - ok
19:17:53.0351 2400 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:17:53.0351 2400 TDTCP - ok
19:17:53.0366 2400 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:17:53.0366 2400 tdx - ok
19:17:53.0366 2400 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:17:53.0366 2400 TermDD - ok
19:17:53.0397 2400 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:17:53.0397 2400 tssecsrv - ok
19:17:53.0397 2400 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:17:53.0397 2400 TsUsbFlt - ok
19:17:53.0413 2400 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:17:53.0413 2400 tunnel - ok
19:17:53.0429 2400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:17:53.0429 2400 uagp35 - ok
19:17:53.0444 2400 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:17:53.0444 2400 udfs - ok
19:17:53.0460 2400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:17:53.0460 2400 uliagpkx - ok
19:17:53.0460 2400 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:17:53.0460 2400 umbus - ok
19:17:53.0475 2400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:17:53.0475 2400 UmPass - ok
19:17:53.0491 2400 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:17:53.0491 2400 usbccgp - ok
19:17:53.0507 2400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:17:53.0507 2400 usbcir - ok
19:17:53.0507 2400 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:17:53.0507 2400 usbehci - ok
19:17:53.0522 2400 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:17:53.0522 2400 usbhub - ok
19:17:53.0538 2400 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:17:53.0538 2400 usbohci - ok
19:17:53.0538 2400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:17:53.0538 2400 usbprint - ok
19:17:53.0553 2400 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:17:53.0553 2400 USBSTOR - ok
19:17:53.0569 2400 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:17:53.0569 2400 usbuhci - ok
19:17:53.0569 2400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:17:53.0569 2400 vdrvroot - ok
19:17:53.0585 2400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:17:53.0585 2400 vga - ok
19:17:53.0600 2400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:17:53.0600 2400 VgaSave - ok
19:17:53.0616 2400 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:17:53.0616 2400 vhdmp - ok
19:17:53.0616 2400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:17:53.0616 2400 viaide - ok
19:17:53.0631 2400 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:17:53.0631 2400 vmbus - ok
19:17:53.0647 2400 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:17:53.0647 2400 VMBusHID - ok
19:17:53.0647 2400 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:17:53.0647 2400 volmgr - ok
19:17:53.0663 2400 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:17:53.0663 2400 volmgrx - ok
19:17:53.0678 2400 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:17:53.0678 2400 volsnap - ok
19:17:53.0694 2400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:17:53.0694 2400 vsmraid - ok
19:17:53.0694 2400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:17:53.0694 2400 vwifibus - ok
19:17:53.0709 2400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:17:53.0709 2400 WacomPen - ok
19:17:53.0725 2400 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:17:53.0725 2400 WANARP - ok
19:17:53.0725 2400 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:17:53.0725 2400 Wanarpv6 - ok
19:17:53.0741 2400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:17:53.0741 2400 Wd - ok
19:17:53.0756 2400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:17:53.0772 2400 Wdf01000 - ok
19:17:53.0787 2400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:17:53.0787 2400 WfpLwf - ok
19:17:53.0803 2400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:17:53.0803 2400 WIMMount - ok
19:17:53.0819 2400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:17:53.0819 2400 WmiAcpi - ok
19:17:53.0850 2400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:17:53.0850 2400 ws2ifsl - ok
19:17:53.0865 2400 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:17:53.0865 2400 WudfPf - ok
19:17:53.0865 2400 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:17:53.0881 2400 WUDFRd - ok
19:17:53.0881 2400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:17:53.0897 2400 \Device\Harddisk0\DR0 - ok
19:17:53.0912 2400 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1
19:17:54.0084 2400 \Device\Harddisk1\DR1 - ok
19:17:54.0084 2400 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR2
19:17:54.0224 2400 \Device\Harddisk2\DR2 - ok
19:17:54.0224 2400 MBR (0x1B8) (b34931cb5ab4a551cc4ef3fcaac10b1a) \Device\Harddisk3\DR3
19:17:54.0224 2400 \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - infected
19:17:54.0224 2400 \Device\Harddisk3\DR3 - detected Rootkit.Boot.Wistler.a (0)
19:17:54.0224 2400 Boot (0x1200) (adfa03575b4f3b6e35e0e54bea89876f) \Device\Harddisk0\DR0\Partition0
19:17:54.0224 2400 \Device\Harddisk0\DR0\Partition0 - ok
19:17:54.0240 2400 Boot (0x1200) (1b61523b98189e689985a3a6cd0d5445) \Device\Harddisk1\DR1\Partition0
19:17:54.0240 2400 \Device\Harddisk1\DR1\Partition0 - ok
19:17:54.0240 2400 Boot (0x1200) (3f52d85a74d8a5c8c2afaae97e450f83) \Device\Harddisk2\DR2\Partition0
19:17:54.0240 2400 \Device\Harddisk2\DR2\Partition0 - ok
19:17:54.0240 2400 Boot (0x1200) (35d02c479305b3c726e9c4dae215acfe) \Device\Harddisk3\DR3\Partition0
19:17:54.0240 2400 \Device\Harddisk3\DR3\Partition0 - ok
19:17:54.0240 2400 Boot (0x1200) (7b3d212cdfe9dac44140a512d9a5fb3c) \Device\Harddisk3\DR3\Partition1
19:17:54.0255 2400 \Device\Harddisk3\DR3\Partition1 - ok
19:17:54.0255 2400 Boot (0x1200) (5146ef7a5568af38a5488467ea96d4b0) \Device\Harddisk3\DR3\Partition2
19:17:54.0255 2400 \Device\Harddisk3\DR3\Partition2 - ok
19:17:54.0255 2400 ============================================================
19:17:54.0255 2400 Scan finished
19:17:54.0255 2400 ============================================================
19:17:54.0271 2600 Detected object count: 1
19:17:54.0271 2600 Actual detected object count: 1
19:17:59.0013 2600 \Device\Harddisk3\DR3 - processing error
19:18:14.0348 2600 \Device\Harddisk3\DR3 - restored
19:18:14.0348 2600 \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore
19:18:28.0841 2700 Deinitialize success

Combofix Logfile:
Code:
ComboFix 12-01-06.01 - Andi 06.01.2012 20:16:13.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2910 [GMT 1:00]
ausgeführt von:: c:\users\Andi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-06 19:19 . 2012-01-06 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-06 13:22 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{124D8571-834A-4D9D-BEFC-567495CF4F74}\mpengine.dll
2012-01-04 17:39 . 2012-01-06 19:12 -------- d-----w- c:\users\Andi\AppData\Roaming\Dropbox
2012-01-03 23:30 . 2012-01-03 23:30 -------- d-----w- c:\program files (x86)\ESET
2012-01-03 17:53 . 2012-01-03 17:53 -------- d-----w- c:\users\Andi\AppData\Roaming\Malwarebytes
2012-01-03 17:53 . 2012-01-03 17:53 -------- d-----w- c:\programdata\Malwarebytes
2012-01-03 17:53 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 17:41 . 2012-01-03 17:41 -------- d-----w- c:\users\Andi\AppData\Roaming\Canneverbe Limited
2012-01-03 17:41 . 2012-01-03 17:41 -------- d-----w- c:\programdata\Canneverbe Limited
2012-01-03 17:16 . 2012-01-03 17:16 -------- d-----w- c:\programdata\DesktopIcons
2012-01-03 17:16 . 2012-01-03 17:16 -------- d-----w- c:\users\Andi\AppData\Roaming\1&1 Mail & Media GmbH
2012-01-02 22:19 . 2012-01-02 22:19 -------- d-----w- c:\users\Andi\AppData\Local\Diagnostics
2012-01-02 16:36 . 2012-01-02 16:36 -------- d-----w- c:\users\Andi\AppData\Roaming\SUPERAntiSpyware.com
2012-01-02 16:36 . 2012-01-02 16:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-02 16:05 . 2012-01-02 16:05 -------- d-----w- c:\program files\CCleaner
2012-01-02 16:01 . 2012-01-02 16:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-01-02 16:01 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-01-02 16:01 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-01-02 16:01 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-01-02 16:01 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-01-02 16:01 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-29 00:30 . 2011-12-29 00:30 -------- d-----w- c:\users\Andi\AppData\Roaming\vlc
2011-12-28 13:37 . 2011-12-28 13:37 -------- d-----w- c:\users\Andi\AppData\Roaming\ProgSense
2011-12-28 13:37 . 2011-12-30 02:57 -------- d-----w- c:\users\Andi\AppData\Roaming\Orbit
2011-12-27 19:22 . 2011-12-27 19:22 -------- d-----w- c:\users\Andi\AppData\Local\My Games
2011-12-27 19:08 . 2011-12-27 19:08 -------- d-----w- c:\users\Andi\AppData\Local\Funcom
2011-12-25 20:10 . 2011-12-25 20:10 -------- d-----w- c:\programdata\Panda Security
2011-12-25 20:10 . 2011-12-25 20:10 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2011-12-23 19:05 . 2007-01-01 20:03 40960 ----a-r- c:\windows\SysWow64\psfind.dll
2011-12-23 19:05 . 2006-07-11 18:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-12-23 19:05 . 2006-07-11 18:35 503808 ----a-w- c:\windows\SysWow64\MSVCP71.dll
2011-12-23 18:02 . 2011-12-23 18:02 -------- d-----w- c:\programdata\createonepart
2011-12-23 17:59 . 2011-12-23 17:59 -------- d-----w- c:\programdata\redistpart
2011-12-23 17:59 . 2011-12-23 17:59 -------- d-----w- c:\programdata\explauncher
2011-12-23 17:59 . 2011-12-23 17:59 -------- d-----w- c:\programdata\launcher
2011-12-23 17:53 . 2011-12-23 17:53 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-23 17:53 . 2011-05-17 17:53 37456 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-12-23 17:53 . 2011-12-23 17:53 -------- d-----w- c:\program files (x86)\Paragon Software
2011-12-23 11:25 . 2011-12-23 11:25 -------- d-----w- c:\windows\SysWow64\xlive
2011-12-18 17:42 . 2012-01-06 18:19 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-12-18 13:39 . 2011-12-18 15:45 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-12-18 13:39 . 2011-12-18 13:39 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-12-18 12:48 . 2011-12-18 13:00 2829 ----a-w- c:\windows\War3Unin.pif
2011-12-18 12:48 . 2011-12-18 13:00 139264 ----a-w- c:\windows\War3Unin.exe
2011-12-18 12:18 . 2011-12-18 12:26 967 ----a-w- c:\windows\ScUnin.pif
2011-12-18 12:18 . 2011-12-18 12:26 69632 ----a-w- c:\windows\ScUnin.exe
2011-12-18 12:04 . 2011-12-18 12:04 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-12-18 12:04 . 2011-12-18 12:04 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-12-18 12:04 . 2011-12-18 12:04 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-18 11:31 . 2011-12-18 12:55 -------- d-----w- c:\users\Andi\AppData\Roaming\Bioshock
2011-12-18 11:31 . 2011-12-18 11:31 -------- d--h--r- c:\users\Andi\AppData\Roaming\SecuROM
2011-12-18 11:28 . 2011-12-27 19:08 -------- d-----w- c:\programdata\Media Center Programs
2011-12-18 11:26 . 2011-12-18 11:26 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-17 22:27 . 2011-12-17 22:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-12-16 16:17 . 2011-12-16 16:17 -------- d-----w- c:\users\Andi\restore
2011-12-16 16:05 . 2011-12-18 17:38 -------- d-----w- c:\programdata\tmp
2011-12-16 16:05 . 2011-12-16 16:05 -------- d-----w- c:\programdata\hps
2011-12-16 15:27 . 2011-12-16 15:27 -------- d-----w- c:\programdata\Hewlett-Packard
2011-12-16 15:27 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-16 15:25 . 2011-12-16 15:25 -------- d-----w- c:\program files\Okidata
2011-12-16 15:25 . 2008-04-16 00:17 119296 ----a-w- c:\windows\system32\opnetext.dll
2011-12-16 15:25 . 2011-12-16 15:25 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-12-16 15:24 . 2007-04-26 13:21 29184 ----a-w- c:\windows\system32\OKLMON64.DLL
2011-12-16 15:24 . 2011-12-16 15:28 -------- d-----w- c:\programdata\OPPU
2011-12-16 15:24 . 2008-03-27 17:25 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\OPPUPP3.DLL
2011-12-16 15:24 . 2007-07-19 10:27 54784 ----a-w- c:\windows\system32\OPUSBEXT.DLL
2011-12-16 15:24 . 2007-03-14 21:59 39936 ----a-w- c:\windows\system32\OPEXTUAC.DLL
2011-12-15 16:37 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:37 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 16:37 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:37 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 16:37 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:37 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-13 20:51 . 2011-12-13 20:51 -------- d-----w- c:\windows\PCHEALTH
2011-12-13 20:47 . 2011-12-13 20:47 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-12-13 20:47 . 2011-12-13 20:47 -------- d-----w- c:\users\Andi\AppData\Local\Microsoft Help
2011-12-13 20:47 . 2011-12-17 22:28 -------- d-----w- c:\programdata\Microsoft Help
2011-12-13 20:47 . 2011-12-13 20:47 -------- d-----r- C:\MSOCache
2011-12-12 21:38 . 2011-12-12 21:38 -------- d-----w- c:\users\Andi\AppData\Local\Adobe
2011-12-12 21:36 . 2011-12-12 21:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-12 16:50 . 2011-12-13 20:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-12-11 15:42 . 2011-12-11 15:42 -------- d-----w- c:\users\Andi\AppData\Local\Thunderbird
2011-12-11 15:42 . 2011-12-11 15:42 -------- d-----w- c:\users\Andi\AppData\Roaming\Thunderbird
2011-12-11 15:41 . 2011-11-21 04:21 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-10 16:52 . 2011-12-10 16:52 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-12-10 16:52 . 2011-12-10 16:52 -------- d-----w- c:\windows\system32\wbem\en-US
2011-12-10 16:35 . 2011-12-10 16:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 16:35 . 2011-12-10 16:35 -------- d-----w- c:\windows\SysWow64\Macromed
2011-12-10 16:20 . 2011-12-10 16:20 -------- d-----w- c:\users\Andi\AppData\Local\Opera
2011-12-10 16:17 . 2008-10-27 09:04 514384 ----a-w- c:\windows\SysWow64\XAudio2_3.dll
2011-12-10 16:17 . 2008-10-27 09:04 235856 ----a-w- c:\windows\SysWow64\xactengine3_3.dll
2011-12-10 16:17 . 2008-10-27 09:04 23376 ----a-w- c:\windows\SysWow64\X3DAudio1_5.dll
2011-12-10 16:17 . 2008-10-27 09:04 70992 ----a-w- c:\windows\SysWow64\XAPOFX1_2.dll
2011-12-10 16:17 . 2008-05-30 13:19 507400 ----a-w- c:\windows\SysWow64\XAudio2_1.dll
2011-12-10 16:17 . 2008-05-30 13:18 238088 ----a-w- c:\windows\SysWow64\xactengine3_1.dll
2011-12-10 16:17 . 2008-05-30 13:17 65032 ----a-w- c:\windows\SysWow64\XAPOFX1_0.dll
2011-12-10 16:17 . 2008-05-30 13:17 25608 ----a-w- c:\windows\SysWow64\X3DAudio1_4.dll
2011-12-10 16:17 . 2008-05-30 13:11 467984 ----a-w- c:\windows\SysWow64\d3dx10_38.dll
2011-12-10 16:17 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll
2011-12-10 16:17 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\SysWow64\D3DCompiler_38.dll
2011-12-10 16:14 . 2011-12-10 16:23 -------- d-----w- c:\program files (x86)\Opera
2011-12-10 16:08 . 2011-12-10 16:08 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-12-10 16:05 . 2011-12-23 20:27 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-12-10 16:04 . 2011-12-10 16:04 -------- d-----w- c:\users\Andi\AppData\Roaming\InstallShield
2011-12-10 15:53 . 2011-12-10 15:53 8192 ----a-r- c:\users\Andi\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
2011-12-10 15:53 . 2011-12-10 15:53 6144 ----a-r- c:\users\Andi\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
2011-12-10 15:53 . 2011-12-10 15:53 11264 ----a-r- c:\users\Andi\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
2011-12-10 15:50 . 2011-12-10 15:50 -------- d-----w- c:\windows\system32\SPReview
2011-12-10 15:50 . 2011-12-10 15:50 -------- d-----w- c:\windows\system32\EventProviders
2011-12-10 15:49 . 2011-12-10 15:49 -------- d-----w- c:\users\Andi\AppData\Local\2DBoy
2011-12-10 15:49 . 2011-12-10 15:49 -------- d-----w- c:\programdata\2DBoy
2011-12-10 15:46 . 2010-11-20 13:27 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2011-12-10 15:45 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-12-10 15:45 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-12-10 15:45 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-12-10 15:41 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-10 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-10 15:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-12-10 12:50 . 2011-12-10 13:02 -------- d-----w- C:\Games to not install
2011-12-10 12:44 . 2011-12-18 11:33 -------- d-----w- C:\saves
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 05:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-11 05:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-10 14:33 . 2011-10-20 20:44 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-15 13:29 . 2011-10-20 19:34 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-20 20:11 . 2011-10-20 20:11 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-20 20:11 . 2011-10-20 20:11 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-10-20 20:11 . 2011-10-20 20:11 136192 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-20 20:11 . 2011-10-20 20:11 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-10-11 13:00 . 2011-10-20 20:44 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-20 20:44 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\programme\Steam\steam.exe" [2011-12-18 1242448]
"SUPERAntiSpyware"="p:\program files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="p:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;p:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;p:\program files (x86)\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;p:\program files (x86)\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;p:\program files (x86)\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/tb/mff_startpage_home
FF - prefs.js: keyword.URL - hxxp://go.web.de/tb2/mff_keyurl_search/?su=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
HKLM-Run-AsioReg - CTASIO.DLL
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3644321233-799333344-2366422095-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2a,d2,41,a5,0a,34,e6,8a,42,a6,4f,0a,c5,bf,0d,8e,0a,fd,fc,15,45,c0,21,
91,50,ad,12,fb,0d,23,88,15,34,7b,6f,aa,f5,5f,c0,08,e9,6b,d7,0e,02,37,bf,12,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-3644321233-799333344-2366422095-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:99,7a,5d,8d,ae,17,5e,ec,18,8d,1a,0d,5d,18,85,50,a7,6f,f1,c8,b8,
11,0c,1f,62,45,38,fe,ca,5a,02,8c,0b,21,98,e3,a9,c9,41,3f,b3,86,94,18,df,d2,\
"rkeysecu"=hex:b3,be,9a,00,0f,90,af,59,79,32,6c,7e,3e,8c,a6,39
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-01-06 20:22:27 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-01-06 19:22 . Vor Suchlauf: 8 Verzeichnis(se), 60.373.127.168 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 59.852.042.240 Bytes frei . - - End Of File - - 3101AFCC5436D609F40A79F1AE7FF5E4 |
06.01.2012, 21:14 | #10 |
/// Selecta Jahrusso | BOO/whistler.A in the Master Boot Sector Hi, how is the machine running? ESET Online Scanner
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
07.01.2012, 10:01 | #11 |
| BOO/whistler.A in the Master Boot Sector Hello, the machine is running without any problems. ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4aa13dd9617104a869f31ec2f23b4b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 07:58:39
# local_time=2012-01-04 08:58:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6490135 6490135 0 0
# compatibility_mode=5893 16776573 100 94 4018 77263484 0 0
# compatibility_mode=8192 67108863 100 0 3799 3799 0 0
# scanned=823140
# found=3
# cleaned=0
# scan_time=73485
K:\Programme\NoNameScript3.81-Ischtan\script\dlls\stdio.dll	probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)	00000000000000000000000000000000	I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766	a variant of Java/Agent.DW trojan (unable to clean)	00000000000000000000000000000000	I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f	multiple threats (unable to clean)	00000000000000000000000000000000	I

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4aa13dd9617104a869f31ec2f23b4b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 07:47:35
# local_time=2012-01-07 08:47:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6752834 6752834 0 0
# compatibility_mode=5893 16776573 100 94 21604 77526183 0 0
# compatibility_mode=8192 67108863 100 0 266498 266498 0 0
# scanned=821511
# found=1
# cleaned=0
# scan_time=26121
K:\Programme\NoNameScript3.81-Ischtan\script\dlls\stdio.dll	probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)	00000000000000000000000000000000	I
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 7. Januar 2012 09:57

Es wird nach 3031180 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : TABULARASA

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 26.10.2011 15:51:09
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 10.12.2011 14:33:48
AVREG.DLL : 12.1.0.27 227536 Bytes 10.12.2011 14:33:48
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:06:44
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 20:06:44
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 20:06:44
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 20:06:44
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 20:06:44
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 20:06:44
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 20:06:44
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 20:06:44
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 20:06:44
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 20:06:44
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 20:06:44
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 22:09:44
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 15:08:53
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 22:32:28
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 23:40:50
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 15:27:27
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 17:07:34
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 17:07:33
VBASE020.VDF : 7.11.20.179 2048 Bytes 06.01.2012 17:07:33
VBASE021.VDF : 7.11.20.180 2048 Bytes 06.01.2012 17:07:33
VBASE022.VDF : 7.11.20.181 2048 Bytes 06.01.2012 17:07:33
VBASE023.VDF : 7.11.20.182 2048 Bytes 06.01.2012 17:07:33
VBASE024.VDF : 7.11.20.183 2048 Bytes 06.01.2012 17:07:33
VBASE025.VDF : 7.11.20.184 2048 Bytes 06.01.2012 17:07:33
VBASE026.VDF : 7.11.20.185 2048 Bytes 06.01.2012 17:07:33
VBASE027.VDF : 7.11.20.186 2048 Bytes 06.01.2012 17:07:33
VBASE028.VDF : 7.11.20.187 2048 Bytes 06.01.2012 17:07:33
VBASE029.VDF : 7.11.20.188 2048 Bytes 06.01.2012 17:07:33
VBASE030.VDF : 7.11.20.189 2048 Bytes 06.01.2012 17:07:33
VBASE031.VDF : 7.11.20.192 2560 Bytes 06.01.2012 17:07:33
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 15:51:08
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 28.12.2011 23:16:01
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 10.12.2011 14:33:45
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 16:35:25
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 29.12.2011 23:40:54
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 29.12.2011 23:40:53
AEHELP.DLL : 8.1.18.0 254327 Bytes 26.10.2011 15:51:06
AEGEN.DLL : 8.1.5.17 405877 Bytes 10.12.2011 14:33:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 28.12.2011 23:15:58
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 10.12.2011 14:33:46
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f074bb5\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 7. Januar 2012 09:57

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBVaccine.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CtHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766'
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766
  [0] Archivtyp: ZIP
  --> report/Generator.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.U
  --> report/HDDDetect.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T

Beginne mit der Desinfektion:
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
  [WARNUNG]   Die Datei wurde ignoriert.

Ende des Suchlaufs: Samstag, 7. Januar 2012 09:58
Benötigte Zeit: 00:13 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
656 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
654 Dateien ohne Befall
2 Archive wurden durchsucht
1 Warnungen
0 Hinweise
22635 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Die Suchergebnisse werden an den Guard übermittelt.
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 7. Januar 2012 09:57

Es wird nach 3031180 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : TABULARASA

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 26.10.2011 15:51:09
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 12:59:58
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 12:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 10.12.2011 14:33:48
AVREG.DLL : 12.1.0.27 227536 Bytes 10.12.2011 14:33:48
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:06:44
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 20:06:44
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 20:06:44
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 20:06:44
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 20:06:44
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 20:06:44
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 20:06:44
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 20:06:44
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 20:06:44
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 20:06:44
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 20:06:44
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 22:09:44
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 15:08:53
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 22:32:28
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 23:40:50
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 15:27:27
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 17:07:34
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 17:07:33
VBASE020.VDF : 7.11.20.179 2048 Bytes 06.01.2012 17:07:33
VBASE021.VDF : 7.11.20.180 2048 Bytes 06.01.2012 17:07:33
VBASE022.VDF : 7.11.20.181 2048 Bytes 06.01.2012 17:07:33
VBASE023.VDF : 7.11.20.182 2048 Bytes 06.01.2012 17:07:33
VBASE024.VDF : 7.11.20.183 2048 Bytes 06.01.2012 17:07:33
VBASE025.VDF : 7.11.20.184 2048 Bytes 06.01.2012 17:07:33
VBASE026.VDF : 7.11.20.185 2048 Bytes 06.01.2012 17:07:33
VBASE027.VDF : 7.11.20.186 2048 Bytes 06.01.2012 17:07:33
VBASE028.VDF : 7.11.20.187 2048 Bytes 06.01.2012 17:07:33
VBASE029.VDF : 7.11.20.188 2048 Bytes 06.01.2012 17:07:33
VBASE030.VDF : 7.11.20.189 2048 Bytes 06.01.2012 17:07:33
VBASE031.VDF : 7.11.20.192 2560 Bytes 06.01.2012 17:07:33
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 15:51:08
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 28.12.2011 23:16:01
AESCN.DLL : 8.1.7.2 127349 Bytes 01.09.2011 21:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 10.12.2011 14:33:45
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 16:35:25
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 29.12.2011 23:40:54
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 29.12.2011 23:40:53
AEHELP.DLL : 8.1.18.0 254327 Bytes 26.10.2011 15:51:06
AEGEN.DLL : 8.1.5.17 405877 Bytes 10.12.2011 14:33:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 28.12.2011 23:15:58
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 12:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 12:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 12:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 10.12.2011 14:33:46
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 12:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 12:59:51
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 12:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 12:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 11.10.2011 13:00:00
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f074bb5\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 7. Januar 2012 09:57

Der Suchlauf nach versteckten Objekten wird begonnen.
Eine Instanz der ARK Library läuft bereits.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBVaccine.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CtHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440'
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440
  [0] Archivtyp: ZIP
  --> main.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
Beginne mit der Suche in 'W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f'
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f
  [0] Archivtyp: ZIP
  --> photo/Zoom.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CH.2

Beginne mit der Desinfektion:
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CH.2
  [WARNUNG]   Die Datei wurde ignoriert.
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
  [WARNUNG]   Die Datei wurde ignoriert.

Ende des Suchlaufs: Samstag, 7. Januar 2012 09:58
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
659 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
657 Dateien ohne Befall
3 Archive wurden durchsucht
2 Warnungen
0 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.
|
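The ESET and Avira findings in the post above are all "unable to clean" or "ignored", and two of the three ESET entries sit in a Sun Java deployment cache under the W: drive rather than on the Windows 7 system drive. The following is an added example, not code from the thread, from the poster or from ESET: a small parser for ESET Online Scanner logs of the shape posted above, which groups detections by volume and flags those inside a Java deployment cache. It assumes each detection line of the real log carries four tab-separated fields (path, detection text, hash, flag), which the forum rendering has collapsed into spaces; the embedded sample log is constructed from the entries shown in the post.

```python
"""Summarise an ESET Online Scanner log by volume.

Added example (not part of the forum thread). Assumed log layout, matching
the post above: '# key=value' header lines, then one detection per line with
tab-separated fields: path, detection text, hash, flag.
"""
import re
from collections import defaultdict

# Constructed sample log, modelled on the first ESET run posted above.
SAMPLE_LOG = (
    "# version=7\n"
    "# end=finished\n"
    "# utc_time=2012-01-04 07:58:39\n"
    "# scanned=823140\n"
    "# found=3\n"
    "# cleaned=0\n"
    "K:\\Programme\\NoNameScript3.81-Ischtan\\script\\dlls\\stdio.dll\t"
    "probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "W:\\Dokumente und Einstellungen\\Andi\\Lokale Einstellungen\\Anwendungsdaten"
    "\\Sun\\Java\\Deployment\\cache\\6.0\\27\\4a11719b-10256766\t"
    "a variant of Java/Agent.DW trojan (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "W:\\Dokumente und Einstellungen\\Andi\\Lokale Einstellungen\\Anwendungsdaten"
    "\\Sun\\Java\\Deployment\\cache\\6.0\\50\\c25df2-2b28b28f\t"
    "multiple threats (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)

# Java Web Start / applet cache directory as used by Sun Java 6.
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
DRIVE = re.compile(r"^[A-Za-z]:")


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one ESET log."""
    header, findings = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # not a detection line
        path, detection = fields[0], fields[1]
        findings.append({
            "path": path,
            "detection": detection,
            "cleaned": "(unable to clean)" not in detection,
            "volume": path[:2].upper() if DRIVE.match(path) else "?",
            "java_cache": bool(JAVA_CACHE.search(path)),
        })
    return header, findings


def summarise(findings):
    """Per volume: total findings, how many are in a Java cache, how many were not cleaned."""
    per_volume = defaultdict(lambda: {"total": 0, "java_cache": 0, "uncleaned": 0})
    for f in findings:
        entry = per_volume[f["volume"]]
        entry["total"] += 1
        entry["java_cache"] += int(f["java_cache"])
        entry["uncleaned"] += int(not f["cleaned"])
    return dict(per_volume)


def consistency_check(header, findings):
    """Cross-check the '# found=' header against the number of detection lines."""
    return int(header.get("found", -1)) == len(findings)


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    for vol, c in sorted(summarise(found).items()):
        print(f"{vol} findings={c['total']} java_cache={c['java_cache']} uncleaned={c['uncleaned']}")
    print("header count matches detection lines:", consistency_check(hdr, found))
```

Grouping by volume turns the helper's follow-up question into something visible in the output: the K: finding is an ordinary file on a data partition, while the W: findings are cached Java archives on a volume that is not the running Windows 7 install.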
07.01.2012, 10:37 | #12 |
/// Selecta Jahrusso | BOO/whistler.A in the Master Boot Sector What kind of partition is W? I don't see any installed Java in the logs.
07.01.2012, 13:48 | #13 |
| BOO/whistler.A in the Master Boot Sector Partition W contains my old Windows XP system (which I have not fully removed yet, because I wanted to get the Windows 7 system completely set up first). |
07.01.2012, 16:12 | #14 |
/// Selecta Jahrusso | BOO/whistler.A in the Master Boot Sector You couldn't make your life any more complicated. Is this Win XP still bootable or in use?
07.01.2012, 18:40 | #15 |
| BOO/whistler.A in the Master Boot Sector On the one hand yes, on the other hand no. That way I had the option of bringing up a second operating system while still having a working one at the same time, since for time reasons it could not be done in one go. Both, yes. |
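The detection that opened this thread names the master boot sector of "HD2", and the last posts turn on which of the two installs on that disk is still bootable. As an added example, not code from the thread or from Avira, the following parses a 512-byte MBR image (as one would capture with dd from a boot medium or take from a forensic image), lists the partition entries with their active flag, and compares the boot-code hash against a reference sector. The two sample sectors and their partition layout are constructed fixtures; the "clean" boot code is placeholder bytes, not a real bootloader, and the reference would in practice be a known-good copy of the same bootloader. A mismatch only says "the boot code differs from the reference"; the script does not identify BOO/Whistler.A or any other specific bootkit.

```python
"""Inspect a 512-byte master boot record (MBR) image offline.

Added example for this thread, not code from the forum or from any tool
whose logs appear above. Classic MBR layout: 440 bytes of boot code, a
4-byte disk signature, 2 reserved bytes, four 16-byte partition entries at
offset 446, and the 0x55AA signature at offset 510.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440
DISK_SIG_OFFSET = 440
PARTITION_TABLE_OFFSET = 446
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"

PARTITION_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}

# Constructed fixtures: a leftover, non-active NTFS partition and an active NTFS partition.
SAMPLE_PARTITIONS = [
    (0x00, 0x07, 63, 41943040),          # not active (the old XP install)
    (0x80, 0x07, 41943103, 209715200),   # active (Windows 7)
]
CLEAN_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 16
TAMPERED_BOOT_CODE = b"\xEB\x58\x90" + b"\x00" * 21   # same length, different code


def build_sample_mbr(boot_code, entries, disk_sig=0x1234ABCD):
    """Assemble a 512-byte MBR from the constructed parts (fixture only; CHS fields left zero)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, (status, ptype, lba, size) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i, status, ptype, lba, size)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector):
    """Return disk signature, non-empty partition entries and basic sanity checks."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype == 0 and size == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "status_ok": status in (0x00, 0x80),  # any other status byte is invalid
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "sectors": size,
        })
    # After sorting by start, each partition must begin at or after the previous one ends.
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    overlap = any(ordered[k + 1]["lba_start"] < ordered[k]["lba_start"] + ordered[k]["sectors"]
                  for k in range(len(ordered) - 1))
    return {
        "valid_signature": sector[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "active_count": sum(p["active"] for p in partitions),
        "overlap": overlap,
    }


def boot_code_sha256(sector):
    """Hash only the boot code; disk signature and partition table differ legitimately between disks."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def compare_boot_code(sector, reference):
    """True when the boot code equals that of a trusted reference sector."""
    return boot_code_sha256(sector) == boot_code_sha256(reference)


def report(sector, reference=None):
    """Human-readable summary of one MBR image, optionally checked against a reference."""
    info = parse_mbr(sector)
    lines = [f"signature 0x55AA present: {info['valid_signature']}",
             f"disk signature: 0x{info['disk_signature']:08X}",
             f"active partitions: {info['active_count']} (expected 1)",
             f"overlapping partitions: {info['overlap']}"]
    for p in info["partitions"]:
        flag = "*" if p["active"] else " "
        lines.append(f" {flag} #{p['index']} {p['type_name']:<14} start={p['lba_start']:>12} sectors={p['sectors']:>12}")
    if reference is not None:
        lines.append(f"boot code matches reference: {compare_boot_code(sector, reference)}")
    return "\n".join(lines)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
    suspect = build_sample_mbr(TAMPERED_BOOT_CODE, SAMPLE_PARTITIONS)
    print(report(suspect, reference=clean))
```

Two things the partition table alone cannot tell you are worth keeping in mind: a partition that is not marked active can still be booted through a boot manager on the active one, and an MBR whose boot code has been replaced can leave the partition table entirely intact, which is why the comparison above deliberately hashes only the first 440 bytes.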