Bundespolizei Trojaner

ginimo · 14.01.2012, 20:59

Juhu Helfer,

ich hab mir (mal wieder) ein Trojaner eingefangen. Da ich den "Aus Sicherheitsgründen wurde ihr Sicherheitssystem blockiert" Trojaner erst vor ein paar Wochen hatte, hab ich bereits ein Malware Scan gemacht und es scheint als wäre alles i.O. Ich würd aber gern auf Nummer sicher gehen. Daher hier die Logfiles. Achso, welches Virenprogramm wäre denn zu empfehlen, dass mir das zukünftig nicht 1x im Monat passiert?

cosinus · 16.01.2012, 16:00

Du hast schon wieder diese ransomware?
Ich hab dir letztes Mal zum Schluss einen Updatetext gepostet. Was hast du davon nicht umgesetzt?
Ich glaub kaum dass du den Mist wieder drauf hättest wenn du an jedes Updates gedacht hättest. Gerade Flashplayer, Java oder PDF-Viewer

ginimo · 19.01.2012, 15:04

Oh man, sorry!

In dem Moment wo ich "Dann wären wir durch" gelesen habe, bin ich den Rest nur noch überflogen.

Ich hab jetzt Secunia installiert und die ganzen Updates gemacht. Liegt es echt nur an den fehlenden Updates und mehr kann ich zur Sicherheit nicht machen? Und sehen die LogFiles soweit ok aus?

cosinus · 19.01.2012, 21:17

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ginimo · 23.01.2012, 22:29

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 06:36:02
# local_time=2011-12-20 07:36:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 210175 99302694 261635 0
# compatibility_mode=5892 16776573 100 100 8528 161938858 0 0
# compatibility_mode=8192 67108863 100 0 8282 8282 0 0
# scanned=1155
# found=0
# cleaned=0
# scan_time=32
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 08:25:07
# local_time=2011-12-20 09:25:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 210325 99302844 261785 0
# compatibility_mode=5892 16776573 100 100 8678 161939008 0 0
# compatibility_mode=8192 67108863 100 0 8432 8432 0 0
# scanned=204839
# found=5
# cleaned=0
# scan_time=6427
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-279336f9 a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\63b90e34-30b6a901 Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\c3423b7-5e8d1d63 a variant of Java/Agent.DT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\ccc963b-15ddf887 probably a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 02:55:14
# local_time=2011-12-28 03:55:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 837933 99930452 308920 0
# compatibility_mode=5892 16776573 100 100 12753 162566616 0 0
# compatibility_mode=8192 67108863 100 0 636040 636040 0 0
# scanned=204861
# found=3
# cleaned=0
# scan_time=7025
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\Downloads\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\12212011_203844\C_Users\Gini\AppData\Roaming\Microsoft\dllhsts.exe Win32/LockScreen.AIG trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=eaa9370e92756745b2f73bfc406f99b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-23 03:42:44
# local_time=2012-01-23 04:42:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 5347 102222813 71736 0
# compatibility_mode=5892 16776573 100 100 157493 164858977 0 0
# compatibility_mode=8192 67108863 100 0 2928401 2928401 0 0
# scanned=209360
# found=15
# cleaned=0
# scan_time=7114
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEPVZLHF\pdfforgeToolbar[1].msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\78bf8d65-7b1eb159 Java/Exploit.CVE-2011-3544.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\Downloads\PDFCreator-1_2_3_setup(1).exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gini\Downloads\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I

cosinus · 24.01.2012, 09:33

Gegen den PDFCreator ist nichts einzuwenden, aber du solltest nicht blind immer den Voreinstellungen vertrauen. Das Setup installiert dieses unnütze Browser-Plugin (Toolbar)!

Deinstallier diese Toolbars mal

ginimo · 24.01.2012, 23:13

ok deinstalliert. die häkchen bei den voreinstellungen mach ich meistens raus. (scheint mir diesmal nur entgangen zu sein)
soll ich noch irgendetwas machen?

cosinus · 25.01.2012, 10:12

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

ginimo · 27.01.2012, 00:34

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.01.2012 00:07:31 - Run 7
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gini\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,18% Memory free
4,23 Gb Paging File | 2,46 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,20 Gb Total Space | 35,73 Gb Free Space | 16,15% Space Free | Partition Type: NTFS
Drive D: | 11,68 Gb Total Space | 2,21 Gb Free Space | 18,88% Space Free | Partition Type: NTFS
 
Computer Name: GINI-PC | User Name: Gini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Gini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
PRC - C:\Program Files\T-Mobile\InternetManager_Z\Bin\db_daemon.exe ()
PRC - C:\Program Files\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe ()
PRC - C:\Program Files\T-Mobile\InternetManager_Z\Bin\gconfd-2.exe ()
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\audio.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\itapi.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\coder.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\log.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\libctlsvr.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\db_daemon.exe ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\gconfd-2.exe ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\libgconfbackend-xml.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\libgconf-2.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\dbus-1.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\sqlite3.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll ()
MOD - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
MOD - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\zlib1.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\libxml2.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_Z\Bin\libexpat.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\System32\btwhidcs.dll ()
MOD - C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ()
MOD - C:\WINDOWS\System32\aac_parser.ax ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PSI) -- C:\WINDOWS\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (WSDScan) -- C:\WINDOWS\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (NETw5v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (cdrblock) -- C:\WINDOWS\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (GT680x) -- C:\WINDOWS\System32\drivers\Tr11691g.sys (   )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.order.3: ""
FF - prefs.js..browser.search.order.4: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Gini\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2010.12.04 19:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.27 00:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.16 23:53:36 | 000,000,000 | ---D | M]
 
[2009.08.04 22:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gini\AppData\Roaming\mozilla\Extensions
[2012.01.24 23:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions
[2010.02.05 21:33:03 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.26 04:21:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gini\AppData\Roaming\mozilla\Firefox\Profiles\rme4ooak.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.20 14:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.11 03:25:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.27 00:06:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2011.12.21 21:46:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus S20 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Gini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1CC96D9-7745-4F6E-A238-4D941A15E209}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF38E2E8-A3E5-432E-BFA0-EA4F3DC1DDA4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Gini\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gini\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {57C1E4AB-0EAB-9314-7649-86BC13BBE07B} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F1AB6F8D-00D4-C54E-2448-B05A7D5053C4} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CDV5 - cdv5codc.dll File not found
Drivers32: vidc.CDVC - cdvccodc.dll File not found
Drivers32: vidc.CDVH - cdvhcodc.dll File not found
Drivers32: vidc.CLLC - cllccodc.dll File not found
Drivers32: vidc.CMIC - cmiccodc.dll File not found
Drivers32: vidc.CUVC - cuvccodc.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.LWLR - C:\Windows\System32\rgbacodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave3 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\Gini\Desktop\Goethe!
[2012.01.26 21:36:20 | 000,000,000 | ---D | C] -- C:\Users\Gini\Desktop\Eine für 4
[2012.01.25 00:11:38 | 000,000,000 | ---D | C] -- C:\Users\Gini\Desktop\Magix Video 17 Deluxe
[2012.01.25 00:09:13 | 000,000,000 | ---D | C] -- C:\Users\Gini\Desktop\Geburtstag Claudi
[2012.01.17 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\Gini\AppData\Roaming\pdfforge
[2012.01.17 10:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.01.17 10:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.01.16 23:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.16 23:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.16 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.16 23:24:14 | 000,000,000 | ---D | C] -- C:\Users\Gini\AppData\Local\Secunia PSI
[2012.01.16 23:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.12.28 01:40:25 | 000,000,000 | ---D | C] -- C:\Users\Gini\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.28 01:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.28 01:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.28 01:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.02.07 18:11:16 | 000,017,168 | ---- | C] (   ) -- C:\Windows\System32\drivers\Tr11691g.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 00:01:28 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.01.27 00:01:28 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.01.27 00:01:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 00:01:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 00:01:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.26 21:53:22 | 000,123,904 | ---- | M] () -- C:\Users\Gini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.26 21:38:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.26 21:38:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.26 21:38:05 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.26 21:38:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.26 13:27:14 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.01.26 13:26:14 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.26 01:57:23 | 000,001,689 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.25 00:50:30 | 000,877,646 | ---- | M] () -- C:\Users\Gini\Desktop\DSC06663.JPG
[2012.01.25 00:49:56 | 000,792,509 | ---- | M] () -- C:\Users\Gini\Desktop\DSC066601.jpg
[2012.01.25 00:49:01 | 000,810,196 | ---- | M] () -- C:\Users\Gini\Desktop\DSC06664.JPG
[2012.01.24 23:34:17 | 003,425,503 | ---- | M] () -- C:\Users\Gini\Desktop\DSC06660.JPG
[2012.01.20 14:56:50 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.17 10:06:01 | 000,023,986 | ---- | M] () -- C:\Users\Gini\AppData\Roaming\wklnhst.dat
[2012.01.17 10:00:41 | 000,000,114 | ---- | M] () -- C:\Windows\System32\~.inf
[2012.01.17 01:05:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.01.17 01:04:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.01.17 00:53:43 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.01.17 00:53:43 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.01.17 00:53:35 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.01.16 23:53:20 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.16 23:24:08 | 000,000,859 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.01.14 20:04:54 | 000,008,484 | ---- | M] () -- C:\Users\Gini\AppData\Local\d3d9caps.dat
[2012.01.14 19:00:24 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.12 23:26:29 | 000,000,512 | ---- | M] () -- C:\Users\Gini\Desktop\MBR.dat
[2012.01.09 22:20:27 | 001,827,426 | ---- | M] () -- C:\Users\Gini\Desktop\Barmer GEK - eGK.pdf
[2012.01.09 21:52:41 | 000,699,026 | ---- | M] () -- C:\Users\Gini\Desktop\0. Szene Unterwelt - Stand 09.01.2012.pdf
[2012.01.09 21:52:32 | 000,697,743 | ---- | M] () -- C:\Users\Gini\Desktop\2.pdf
[2011.12.28 01:39:22 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.25 00:49:55 | 000,792,509 | ---- | C] () -- C:\Users\Gini\Desktop\DSC066601.jpg
[2012.01.24 23:20:44 | 003,425,503 | ---- | C] () -- C:\Users\Gini\Desktop\DSC06660.JPG
[2012.01.24 23:20:43 | 000,810,196 | ---- | C] () -- C:\Users\Gini\Desktop\DSC06664.JPG
[2012.01.24 23:20:42 | 000,877,646 | ---- | C] () -- C:\Users\Gini\Desktop\DSC06663.JPG
[2012.01.17 10:03:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.17 09:47:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\~.inf
[2012.01.17 01:05:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.01.17 01:04:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.01.17 01:03:55 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.01.17 00:53:35 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.01.16 23:53:20 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.16 23:24:08 | 000,000,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.01.16 23:24:08 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.01.14 20:08:11 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.14 19:00:24 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.12 23:26:29 | 000,000,512 | ---- | C] () -- C:\Users\Gini\Desktop\MBR.dat
[2012.01.09 22:18:41 | 001,827,426 | ---- | C] () -- C:\Users\Gini\Desktop\Barmer GEK - eGK.pdf
[2012.01.09 21:52:41 | 000,699,026 | ---- | C] () -- C:\Users\Gini\Desktop\0. Szene Unterwelt - Stand 09.01.2012.pdf
[2012.01.09 21:52:28 | 000,697,743 | ---- | C] () -- C:\Users\Gini\Desktop\2.pdf
[2011.12.28 01:39:22 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.21 21:33:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.21 21:33:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.21 21:33:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.21 21:33:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.21 21:33:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.15 00:04:15 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.24 23:09:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.02.26 10:40:09 | 000,000,000 | ---- | C] () -- C:\Windows\canopus.ini
[2011.02.26 10:18:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius5db.dll
[2011.02.26 10:18:47 | 000,143,360 | ---- | C] () -- C:\Windows\System32\pavedius.dll
[2011.02.17 03:58:26 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010.11.12 11:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.11.11 22:00:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.11.11 22:00:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.09.06 10:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll
[2010.03.08 18:02:38 | 000,697,897 | ---- | C] () -- C:\Windows\unins000.exe
[2010.03.08 18:02:38 | 000,026,018 | ---- | C] () -- C:\Windows\unins000.dat
[2010.03.02 11:11:30 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.03.02 11:11:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.03.02 11:11:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.03.02 11:11:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.03.02 11:11:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.03.02 11:11:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.03.02 11:11:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.03.02 11:11:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.03.02 11:11:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.03.02 11:11:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.03.02 11:11:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.03.02 11:11:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.03.02 11:11:30 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.03.02 11:11:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.03.02 11:11:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.03.02 11:11:30 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.03.02 11:11:30 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.03.02 11:11:30 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.03.02 11:11:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.03.02 11:08:08 | 000,000,025 | ---- | C] () -- C:\Windows\CSES20.ini
[2010.02.07 18:23:13 | 000,030,720 | ---- | C] () -- C:\Windows\EWhiteu12.dat
[2010.02.07 18:23:13 | 000,000,004 | ---- | C] () -- C:\Windows\AErroru3.dat
[2010.02.07 18:23:11 | 000,030,720 | ---- | C] () -- C:\Windows\EDarku12.dat
[2010.02.07 18:23:08 | 000,000,006 | ---- | C] () -- C:\Windows\EExpou.dat
[2010.02.07 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\EOffsetu.dat
[2010.02.07 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\EGain6.dat
[2010.02.07 18:11:16 | 000,188,416 | ---- | C] () -- C:\Windows\Ausba2.dll
[2010.02.07 18:11:16 | 000,026,624 | ---- | C] () -- C:\Windows\artcomm.dll
[2010.02.07 18:11:16 | 000,011,457 | ---- | C] () -- C:\Windows\Trust32.ini
[2010.02.07 18:11:16 | 000,002,495 | ---- | C] () -- C:\Windows\Ausba2.INI
[2009.12.25 08:51:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.06 16:59:45 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.06 16:59:44 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.23 23:43:48 | 000,008,484 | ---- | C] () -- C:\Users\Gini\AppData\Local\d3d9caps.dat
[2009.09.30 16:44:39 | 000,023,986 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\wklnhst.dat
[2009.08.05 02:20:13 | 000,123,904 | ---- | C] () -- C:\Users\Gini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 20:18:27 | 000,027,240 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\nvModes.001
[2009.08.04 20:18:26 | 000,027,240 | ---- | C] () -- C:\Users\Gini\AppData\Roaming\nvModes.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008.04.15 20:59:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.04.15 20:59:45 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.04.15 20:59:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.04.15 20:50:48 | 000,001,689 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.11.26 21:18:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.26 21:18:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.26 21:18:48 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.26 21:18:48 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,761,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.12.24 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\1&1 Mail & Media GmbH
[2012.01.02 02:56:54 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\BitTorrent
[2011.02.26 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Canopus
[2011.09.08 14:50:32 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.07.28 22:02:08 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DAEMON Tools Lite
[2011.05.29 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DeepBurner
[2011.12.24 23:35:26 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoft
[2011.01.06 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.01 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\EuroTalk
[2010.03.28 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Facebook
[2010.07.30 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\foobar2000
[2011.03.01 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\FreeFLVConverter
[2009.12.17 04:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\gtk-2.0
[2010.05.25 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\ICQ
[2010.12.04 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InternetManager_Z
[2012.01.16 23:50:44 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\IrfanView
[2011.06.29 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\MAGIX
[2010.03.05 06:42:06 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\OpenOffice.org
[2012.01.17 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\pdfforge
[2010.12.04 16:54:35 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile
[2010.12.04 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile Internet Manager
[2011.02.17 01:48:58 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Teleca
[2009.09.30 16:44:40 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Template
[2010.10.24 13:27:44 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\TubeBox
[2009.08.05 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WildTangent
[2012.01.26 01:57:22 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.24 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\1&1 Mail & Media GmbH
[2011.09.17 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Adobe
[2011.12.08 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Apple Computer
[2011.01.27 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Avira
[2012.01.02 02:56:54 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\BitTorrent
[2011.02.26 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Canopus
[2011.09.08 14:50:32 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.01.13 08:07:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\CyberLink
[2011.07.28 22:02:08 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DAEMON Tools Lite
[2011.05.29 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DeepBurner
[2010.05.31 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DivX
[2012.01.17 00:32:24 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Download Manager
[2012.01.01 20:13:24 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\dvdcss
[2011.12.24 23:35:26 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoft
[2011.01.06 00:12:50 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.09.01 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\EuroTalk
[2010.03.28 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Facebook
[2010.07.30 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\foobar2000
[2011.03.01 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\FreeFLVConverter
[2009.08.09 07:14:18 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Google
[2010.06.26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\GTek
[2009.12.17 04:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\gtk-2.0
[2010.08.24 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Helper
[2009.08.06 01:20:53 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Hewlett-Packard
[2009.08.08 04:57:41 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\HP
[2012.01.19 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\HpUpdate
[2010.05.25 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\ICQ
[2009.08.04 16:52:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Identities
[2010.01.16 23:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InstallShield
[2010.12.04 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\InternetManager_Z
[2012.01.16 23:50:44 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\IrfanView
[2009.08.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Macromedia
[2011.06.29 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\MAGIX
[2011.12.20 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Media Center Programs
[2011.12.21 20:38:47 | 000,000,000 | --SD | M] -- C:\Users\Gini\AppData\Roaming\Microsoft
[2009.08.04 22:07:29 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Mozilla
[2010.09.13 22:12:54 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\NCH Software
[2010.03.05 06:42:06 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\OpenOffice.org
[2012.01.17 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\pdfforge
[2012.01.27 00:11:39 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Skype
[2011.07.14 23:02:13 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\skypePM
[2011.12.28 01:40:25 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\SUPERAntiSpyware.com
[2009.08.04 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Symantec
[2010.12.04 16:54:35 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile
[2010.12.04 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\T-Mobile Internet Manager
[2011.02.17 01:48:58 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Teleca
[2009.09.30 16:44:40 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\Template
[2010.10.24 13:27:44 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\TubeBox
[2012.01.08 12:24:54 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\vlc
[2009.08.05 14:27:02 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WildTangent
[2009.08.15 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Gini\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.03.28 00:22:51 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Gini\AppData\Roaming\Facebook\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.26 14:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.11.26 14:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.11.26 14:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.08.04 18:13:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.08.04 18:13:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.08.04 18:13:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iastor.sys
[2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SWSETUP\Drivers\ITM\Winall\Driver\iastor.sys
[2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\drivers\iaStor.sys
[2007.07.13 05:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007.07.13 05:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iastor.sys
[2007.07.13 05:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SWSETUP\Drivers\ITM\Winall\Driver64\iastor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.26 13:01:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\WINDOWS\ERDNT\cache\user32.dll
[2007.11.26 13:01:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\ERDNT\cache\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.01.17 00:53:35 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.01.17 00:53:35 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.01.17 00:53:33 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus · 27.01.2012, 10:38

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

ginimo · 28.01.2012, 19:22

Code:

ATTFilter

19:03:52.0272 5160	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:03:52.0418 5160	============================================================
19:03:52.0418 5160	Current date / time: 2012/01/28 19:03:52.0418
19:03:52.0418 5160	SystemInfo:
19:03:52.0418 5160	
19:03:52.0418 5160	OS Version: 6.0.6002 ServicePack: 2.0
19:03:52.0418 5160	Product type: Workstation
19:03:52.0418 5160	ComputerName: GINI-PC
19:03:52.0419 5160	UserName: Gini
19:03:52.0419 5160	Windows directory: C:\Windows
19:03:52.0419 5160	System windows directory: C:\Windows
19:03:52.0419 5160	Processor architecture: Intel x86
19:03:52.0419 5160	Number of processors: 2
19:03:52.0419 5160	Page size: 0x1000
19:03:52.0419 5160	Boot type: Normal boot
19:03:52.0419 5160	============================================================
19:03:53.0395 5160	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:03:53.0484 5160	Initialize success
19:19:23.0986 4108	============================================================
19:19:23.0986 4108	Scan started
19:19:23.0986 4108	Mode: Manual; SigCheck; TDLFS; 
19:19:23.0986 4108	============================================================
19:19:24.0707 4108	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:19:24.0963 4108	ACPI - ok
19:19:25.0152 4108	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:19:25.0176 4108	adp94xx - ok
19:19:25.0339 4108	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:19:25.0356 4108	adpahci - ok
19:19:25.0385 4108	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:19:25.0397 4108	adpu160m - ok
19:19:25.0465 4108	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:19:25.0478 4108	adpu320 - ok
19:19:25.0642 4108	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:19:25.0779 4108	AFD - ok
19:19:25.0910 4108	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:19:25.0926 4108	agp440 - ok
19:19:25.0954 4108	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:19:25.0973 4108	aic78xx - ok
19:19:26.0132 4108	aksfridge       (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
19:19:26.0241 4108	aksfridge - ok
19:19:26.0388 4108	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:19:26.0397 4108	aliide - ok
19:19:26.0458 4108	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:19:26.0468 4108	amdagp - ok
19:19:26.0569 4108	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:19:26.0579 4108	amdide - ok
19:19:26.0606 4108	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:19:26.0761 4108	AmdK7 - ok
19:19:26.0861 4108	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:19:26.0935 4108	AmdK8 - ok
19:19:27.0122 4108	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:19:27.0135 4108	arc - ok
19:19:27.0179 4108	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:19:27.0197 4108	arcsas - ok
19:19:27.0309 4108	as6eio - ok
19:19:27.0371 4108	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:19:27.0495 4108	AsyncMac - ok
19:19:27.0610 4108	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:19:27.0632 4108	atapi - ok
19:19:27.0733 4108	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
19:19:27.0777 4108	avgio - ok
19:19:27.0907 4108	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:19:27.0963 4108	avgntflt - ok
19:19:28.0076 4108	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:19:28.0085 4108	avipbb - ok
19:19:28.0251 4108	BCM43XV         (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:19:28.0356 4108	BCM43XV - ok
19:19:28.0479 4108	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:19:28.0561 4108	Beep - ok
19:19:28.0675 4108	blbdrive - ok
19:19:28.0760 4108	BMLoad          (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys
19:19:28.0789 4108	BMLoad ( UnsignedFile.Multi.Generic ) - warning
19:19:28.0789 4108	BMLoad - detected UnsignedFile.Multi.Generic (1)
19:19:28.0957 4108	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:19:29.0012 4108	bowser - ok
19:19:29.0142 4108	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:19:29.0242 4108	BrFiltLo - ok
19:19:29.0345 4108	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:19:29.0417 4108	BrFiltUp - ok
19:19:29.0557 4108	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:19:29.0619 4108	Brserid - ok
19:19:29.0648 4108	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:19:29.0731 4108	BrSerWdm - ok
19:19:29.0834 4108	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:19:29.0894 4108	BrUsbMdm - ok
19:19:29.0909 4108	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:19:29.0968 4108	BrUsbSer - ok
19:19:30.0112 4108	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:19:30.0154 4108	BthEnum - ok
19:19:30.0307 4108	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:19:30.0403 4108	BTHMODEM - ok
19:19:30.0490 4108	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:19:30.0547 4108	BthPan - ok
19:19:30.0694 4108	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
19:19:30.0765 4108	BTHPORT - ok
19:19:30.0880 4108	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
19:19:30.0919 4108	BTHUSB - ok
19:19:31.0083 4108	btwaudio        (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
19:19:31.0098 4108	btwaudio - ok
19:19:31.0245 4108	btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
19:19:31.0262 4108	btwavdt - ok
19:19:31.0280 4108	btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
19:19:31.0293 4108	btwrchid - ok
19:19:31.0397 4108	CA561 - ok
19:19:31.0443 4108	catchme - ok
19:19:31.0578 4108	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:19:31.0617 4108	cdfs - ok
19:19:31.0753 4108	cdrblock        (15e3e2920adac7450e0c7ae5f23a5f53) C:\Windows\system32\DRIVERS\cdrblock.sys
19:19:31.0761 4108	cdrblock - ok
19:19:31.0834 4108	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:19:31.0865 4108	cdrom - ok
19:19:31.0958 4108	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:19:32.0024 4108	circlass - ok
19:19:32.0097 4108	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:19:32.0117 4108	CLFS - ok
19:19:32.0272 4108	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:19:32.0317 4108	CmBatt - ok
19:19:32.0358 4108	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:19:32.0368 4108	cmdide - ok
19:19:32.0513 4108	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:19:32.0524 4108	Compbatt - ok
19:19:32.0551 4108	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:19:32.0561 4108	crcdisk - ok
19:19:32.0648 4108	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:19:32.0703 4108	Crusoe - ok
19:19:32.0800 4108	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:19:32.0856 4108	DfsC - ok
19:19:33.0001 4108	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:19:33.0012 4108	disk - ok
19:19:33.0111 4108	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:19:33.0198 4108	drmkaud - ok
19:19:33.0309 4108	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:19:33.0337 4108	DXGKrnl - ok
19:19:33.0499 4108	E100B           (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
19:19:33.0579 4108	E100B - ok
19:19:33.0602 4108	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:19:33.0689 4108	E1G60 - ok
19:19:33.0849 4108	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:19:33.0861 4108	Ecache - ok
19:19:33.0919 4108	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:19:33.0935 4108	elxstor - ok
19:19:34.0114 4108	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:19:34.0173 4108	exfat - ok
19:19:34.0333 4108	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:19:34.0357 4108	fastfat - ok
19:19:34.0498 4108	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:19:34.0562 4108	fdc - ok
19:19:34.0648 4108	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:19:34.0662 4108	FileInfo - ok
19:19:34.0740 4108	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:19:34.0793 4108	Filetrace - ok
19:19:34.0850 4108	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:19:34.0904 4108	flpydisk - ok
19:19:35.0011 4108	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:19:35.0023 4108	FltMgr - ok
19:19:35.0218 4108	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:19:35.0235 4108	Fs_Rec - ok
19:19:35.0281 4108	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:19:35.0292 4108	gagp30kx - ok
19:19:35.0443 4108	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:19:35.0452 4108	GEARAspiWDM - ok
19:19:35.0497 4108	GT680x          (2c82b2b948cd8cef370d820178bc821c) C:\Windows\system32\Drivers\Tr11691g.SYS
19:19:35.0527 4108	GT680x ( UnsignedFile.Multi.Generic ) - warning
19:19:35.0527 4108	GT680x - detected UnsignedFile.Multi.Generic (1)
19:19:35.0649 4108	Hardlock        (2a2448dd47208722c0cf3665687ae9f6) C:\Windows\system32\drivers\hardlock.sys
19:19:35.0708 4108	Hardlock - ok
19:19:35.0869 4108	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:19:35.0947 4108	HdAudAddService - ok
19:19:35.0989 4108	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:19:36.0049 4108	HDAudBus - ok
19:19:36.0162 4108	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:19:36.0249 4108	HidBth - ok
19:19:36.0287 4108	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:19:36.0364 4108	HidIr - ok
19:19:36.0500 4108	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:19:36.0544 4108	HidUsb - ok
19:19:36.0678 4108	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:19:36.0688 4108	HpCISSs - ok
19:19:36.0740 4108	HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:19:36.0766 4108	HpqKbFiltr - ok
19:19:36.0895 4108	HpqRemHid       (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
19:19:36.0942 4108	HpqRemHid - ok
19:19:37.0096 4108	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:19:37.0149 4108	HSFHWAZL - ok
19:19:37.0207 4108	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:19:37.0279 4108	HSF_DPV - ok
19:19:37.0424 4108	HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:19:37.0468 4108	HTCAND32 - ok
19:19:37.0589 4108	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:19:37.0669 4108	HTTP - ok
19:19:37.0823 4108	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:19:37.0835 4108	i2omp - ok
19:19:37.0904 4108	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:19:37.0956 4108	i8042prt - ok
19:19:38.0138 4108	ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:19:38.0318 4108	ialm - ok
19:19:38.0448 4108	iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
19:19:38.0468 4108	iaStor - ok
19:19:38.0505 4108	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:19:38.0531 4108	iaStorV - ok
19:19:38.0665 4108	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:19:38.0691 4108	iirsp - ok
19:19:38.0846 4108	IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
19:19:38.0964 4108	IntcAzAudAddService - ok
19:19:39.0080 4108	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:19:39.0089 4108	intelide - ok
19:19:39.0143 4108	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:19:39.0177 4108	intelppm - ok
19:19:39.0330 4108	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:19:39.0362 4108	IpFilterDriver - ok
19:19:39.0374 4108	IpInIp - ok
19:19:39.0420 4108	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:19:39.0463 4108	IPMIDRV - ok
19:19:39.0591 4108	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:19:39.0642 4108	IPNAT - ok
19:19:39.0798 4108	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:19:39.0837 4108	IRENUM - ok
19:19:39.0867 4108	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:19:39.0880 4108	isapnp - ok
19:19:40.0033 4108	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:19:40.0054 4108	iScsiPrt - ok
19:19:40.0099 4108	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:19:40.0116 4108	iteatapi - ok
19:19:40.0213 4108	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:19:40.0223 4108	iteraid - ok
19:19:40.0258 4108	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:19:40.0269 4108	kbdclass - ok
19:19:40.0301 4108	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:19:40.0334 4108	kbdhid - ok
19:19:40.0452 4108	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:19:40.0472 4108	KSecDD - ok
19:19:40.0645 4108	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:19:40.0682 4108	lltdio - ok
19:19:40.0732 4108	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:19:40.0743 4108	LSI_FC - ok
19:19:40.0858 4108	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:19:40.0871 4108	LSI_SAS - ok
19:19:40.0920 4108	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:19:40.0934 4108	LSI_SCSI - ok
19:19:41.0048 4108	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:19:41.0095 4108	luafv - ok
19:19:41.0130 4108	massfilter      (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
19:19:41.0174 4108	massfilter - ok
19:19:41.0313 4108	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:19:41.0329 4108	MBAMProtector - ok
19:19:41.0403 4108	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:19:41.0420 4108	megasas - ok
19:19:41.0544 4108	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:19:41.0599 4108	Modem - ok
19:19:41.0760 4108	MODEMCSA        (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
19:19:41.0805 4108	MODEMCSA - ok
19:19:41.0930 4108	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:19:41.0973 4108	monitor - ok
19:19:42.0063 4108	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:19:42.0074 4108	mouclass - ok
19:19:42.0151 4108	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:19:42.0176 4108	mouhid - ok
19:19:42.0288 4108	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:19:42.0301 4108	MountMgr - ok
19:19:42.0424 4108	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:19:42.0436 4108	mpio - ok
19:19:42.0513 4108	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:19:42.0573 4108	mpsdrv - ok
19:19:42.0686 4108	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:19:42.0696 4108	Mraid35x - ok
19:19:42.0784 4108	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:19:42.0841 4108	MRxDAV - ok
19:19:42.0953 4108	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:19:42.0997 4108	mrxsmb - ok
19:19:43.0076 4108	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:19:43.0116 4108	mrxsmb10 - ok
19:19:43.0208 4108	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:19:43.0246 4108	mrxsmb20 - ok
19:19:43.0340 4108	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:19:43.0352 4108	msahci - ok
19:19:43.0413 4108	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:19:43.0427 4108	msdsm - ok
19:19:43.0507 4108	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:19:43.0572 4108	Msfs - ok
19:19:43.0683 4108	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:19:43.0699 4108	msisadrv - ok
19:19:43.0802 4108	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:19:43.0864 4108	MSKSSRV - ok
19:19:43.0939 4108	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:19:44.0000 4108	MSPCLOCK - ok
19:19:44.0052 4108	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:19:44.0138 4108	MSPQM - ok
19:19:44.0229 4108	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:19:44.0264 4108	MsRPC - ok
19:19:44.0342 4108	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:19:44.0367 4108	mssmbios - ok
19:19:44.0451 4108	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:19:44.0543 4108	MSTEE - ok
19:19:44.0616 4108	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:19:44.0627 4108	Mup - ok
19:19:44.0743 4108	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:19:44.0787 4108	NativeWifiP - ok
19:19:44.0906 4108	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:19:44.0927 4108	NDIS - ok
19:19:45.0064 4108	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:19:45.0100 4108	NdisTapi - ok
19:19:45.0138 4108	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:19:45.0162 4108	Ndisuio - ok
19:19:45.0221 4108	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:19:45.0270 4108	NdisWan - ok
19:19:45.0405 4108	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:19:45.0445 4108	NDProxy - ok
19:19:45.0576 4108	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:19:45.0600 4108	NetBIOS - ok
19:19:45.0656 4108	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:19:45.0679 4108	netbt - ok
19:19:45.0901 4108	NETw4v32        (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:19:46.0034 4108	NETw4v32 - ok
19:19:46.0271 4108	NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
19:19:46.0549 4108	NETw5v32 - ok
19:19:46.0659 4108	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:19:46.0676 4108	nfrd960 - ok
19:19:46.0722 4108	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:19:46.0755 4108	Npfs - ok
19:19:46.0877 4108	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:19:46.0940 4108	nsiproxy - ok
19:19:47.0011 4108	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:19:47.0071 4108	Ntfs - ok
19:19:47.0175 4108	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:19:47.0265 4108	ntrigdigi - ok
19:19:47.0297 4108	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:19:47.0350 4108	Null - ok
19:19:47.0711 4108	nvlddmkm        (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:19:48.0163 4108	nvlddmkm - ok
19:19:48.0279 4108	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:19:48.0290 4108	nvraid - ok
19:19:48.0309 4108	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:19:48.0319 4108	nvstor - ok
19:19:48.0468 4108	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:19:48.0483 4108	nv_agp - ok
19:19:48.0493 4108	NwlnkFlt - ok
19:19:48.0505 4108	NwlnkFwd - ok
19:19:48.0574 4108	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:19:48.0612 4108	ohci1394 - ok
19:19:48.0754 4108	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:19:48.0836 4108	Parport - ok
19:19:48.0875 4108	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:19:48.0887 4108	partmgr - ok
19:19:48.0988 4108	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:19:49.0045 4108	Parvdm - ok
19:19:49.0086 4108	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:19:49.0099 4108	pci - ok
19:19:49.0216 4108	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:19:49.0225 4108	pciide - ok
19:19:49.0265 4108	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:19:49.0278 4108	pcmcia - ok
19:19:49.0488 4108	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:19:49.0588 4108	PEAUTH - ok
19:19:49.0760 4108	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:19:49.0804 4108	PptpMiniport - ok
19:19:49.0846 4108	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:19:49.0933 4108	Processor - ok
19:19:50.0072 4108	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:19:50.0130 4108	PSched - ok
19:19:50.0269 4108	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
19:19:50.0291 4108	PSI - ok
19:19:50.0499 4108	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:19:50.0533 4108	ql2300 - ok
19:19:50.0634 4108	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:19:50.0645 4108	ql40xx - ok
19:19:50.0720 4108	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:19:50.0755 4108	QWAVEdrv - ok
19:19:50.0886 4108	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:19:50.0919 4108	RasAcd - ok
19:19:50.0959 4108	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:19:50.0985 4108	Rasl2tp - ok
19:19:51.0086 4108	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:19:51.0129 4108	RasPppoe - ok
19:19:51.0222 4108	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:19:51.0252 4108	RasSstp - ok
19:19:51.0292 4108	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:19:51.0321 4108	rdbss - ok
19:19:51.0426 4108	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:19:51.0482 4108	RDPCDD - ok
19:19:51.0547 4108	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:19:51.0646 4108	rdpdr - ok
19:19:51.0760 4108	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:19:51.0802 4108	RDPENCDD - ok
19:19:51.0863 4108	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:19:51.0901 4108	RDPWD - ok
19:19:52.0053 4108	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:19:52.0103 4108	RFCOMM - ok
19:19:52.0247 4108	rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:19:52.0294 4108	rimmptsk - ok
19:19:52.0436 4108	rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:19:52.0499 4108	rimsptsk - ok
19:19:52.0639 4108	rismxdp         (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:19:52.0701 4108	rismxdp - ok
19:19:52.0769 4108	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:19:52.0832 4108	rspndr - ok
19:19:52.0971 4108	RTL8169         (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:19:53.0039 4108	RTL8169 - ok
19:19:53.0128 4108	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:19:53.0135 4108	SASDIFSV - ok
19:19:53.0150 4108	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:19:53.0158 4108	SASKUTIL - ok
19:19:53.0284 4108	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:19:53.0294 4108	sbp2port - ok
19:19:53.0336 4108	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:19:53.0374 4108	sdbus - ok
19:19:53.0487 4108	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:19:53.0539 4108	secdrv - ok
19:19:53.0570 4108	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:19:53.0624 4108	Serenum - ok
19:19:53.0740 4108	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:19:53.0801 4108	Serial - ok
19:19:53.0907 4108	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:19:53.0940 4108	sermouse - ok
19:19:53.0974 4108	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
19:19:53.0993 4108	sffdisk - ok
19:19:54.0101 4108	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:19:54.0151 4108	sffp_mmc - ok
19:19:54.0183 4108	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:19:54.0210 4108	sffp_sd - ok
19:19:54.0317 4108	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:19:54.0368 4108	sfloppy - ok
19:19:54.0394 4108	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:19:54.0407 4108	sisagp - ok
19:19:54.0514 4108	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:19:54.0527 4108	SiSRaid2 - ok
19:19:54.0552 4108	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:19:54.0566 4108	SiSRaid4 - ok
19:19:54.0616 4108	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:19:54.0649 4108	Smb - ok
19:19:54.0826 4108	smserial        (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
19:19:54.0915 4108	smserial - ok
19:19:55.0048 4108	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:19:55.0065 4108	spldr - ok
19:19:55.0134 4108	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:19:55.0185 4108	srv - ok
19:19:55.0294 4108	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:19:55.0352 4108	srv2 - ok
19:19:55.0384 4108	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:19:55.0398 4108	srvnet - ok
19:19:55.0512 4108	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:19:55.0519 4108	ssmdrv - ok
19:19:55.0595 4108	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:19:55.0605 4108	swenum - ok
19:19:55.0718 4108	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:19:55.0728 4108	Symc8xx - ok
19:19:55.0738 4108	SymIMMP - ok
19:19:55.0766 4108	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:19:55.0776 4108	Sym_hi - ok
19:19:55.0805 4108	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:19:55.0816 4108	Sym_u3 - ok
19:19:55.0948 4108	SynTP           (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
19:19:55.0962 4108	SynTP - ok
19:19:56.0028 4108	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:19:56.0071 4108	Tcpip - ok
19:19:56.0195 4108	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:19:56.0231 4108	Tcpip6 - ok
19:19:56.0335 4108	tcpipBM         (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys
19:19:56.0354 4108	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
19:19:56.0354 4108	tcpipBM - detected UnsignedFile.Multi.Generic (1)
19:19:56.0397 4108	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:19:56.0427 4108	tcpipreg - ok
19:19:56.0532 4108	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:19:56.0603 4108	TDPIPE - ok
19:19:56.0631 4108	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:19:56.0673 4108	TDTCP - ok
19:19:56.0785 4108	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:19:56.0820 4108	tdx - ok
19:19:56.0926 4108	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:19:56.0938 4108	TermDD - ok
19:19:56.0981 4108	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:19:57.0023 4108	tssecsrv - ok
19:19:57.0161 4108	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:19:57.0203 4108	tunmp - ok
19:19:57.0311 4108	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:19:57.0363 4108	tunnel - ok
19:19:57.0401 4108	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:19:57.0411 4108	uagp35 - ok
19:19:57.0533 4108	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:19:57.0557 4108	udfs - ok
19:19:57.0607 4108	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:19:57.0617 4108	uliagpkx - ok
19:19:57.0713 4108	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:19:57.0728 4108	uliahci - ok
19:19:57.0767 4108	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:19:57.0781 4108	UlSata - ok
19:19:57.0885 4108	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:19:57.0899 4108	ulsata2 - ok
19:19:57.0943 4108	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:19:57.0984 4108	umbus - ok
19:19:58.0141 4108	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:19:58.0197 4108	USBAAPL - ok
19:19:58.0312 4108	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:19:58.0368 4108	usbccgp - ok
19:19:58.0491 4108	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:19:58.0597 4108	usbcir - ok
19:19:58.0733 4108	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:19:58.0774 4108	usbehci - ok
19:19:58.0817 4108	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:19:58.0872 4108	usbhub - ok
19:19:58.0978 4108	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:19:59.0058 4108	usbohci - ok
19:19:59.0103 4108	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:19:59.0145 4108	usbprint - ok
19:19:59.0281 4108	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:19:59.0350 4108	usbscan - ok
19:19:59.0404 4108	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:19:59.0482 4108	USBSTOR - ok
19:19:59.0601 4108	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:19:59.0651 4108	usbuhci - ok
19:19:59.0744 4108	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:19:59.0828 4108	usbvideo - ok
19:19:59.0936 4108	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
19:19:59.0960 4108	usb_rndisx - ok
19:20:00.0033 4108	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:20:00.0073 4108	vga - ok
19:20:00.0173 4108	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:20:00.0211 4108	VgaSave - ok
19:20:00.0265 4108	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:20:00.0276 4108	viaagp - ok
19:20:00.0362 4108	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:20:00.0420 4108	ViaC7 - ok
19:20:00.0509 4108	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:20:00.0524 4108	viaide - ok
19:20:00.0630 4108	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:20:00.0641 4108	volmgr - ok
19:20:00.0718 4108	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:20:00.0735 4108	volmgrx - ok
19:20:00.0826 4108	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:20:00.0840 4108	volsnap - ok
19:20:00.0918 4108	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:20:00.0930 4108	vsmraid - ok
19:20:01.0021 4108	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:20:01.0089 4108	WacomPen - ok
19:20:01.0162 4108	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:20:01.0201 4108	Wanarp - ok
19:20:01.0205 4108	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:20:01.0230 4108	Wanarpv6 - ok
19:20:01.0312 4108	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:20:01.0325 4108	Wd - ok
19:20:01.0386 4108	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:20:01.0415 4108	Wdf01000 - ok
19:20:01.0571 4108	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:20:01.0631 4108	winachsf - ok
19:20:01.0710 4108	winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
19:20:01.0754 4108	winusb - ok
19:20:01.0842 4108	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:20:01.0881 4108	WmiAcpi - ok
19:20:01.0995 4108	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:20:02.0035 4108	WpdUsb - ok
19:20:02.0130 4108	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:20:02.0190 4108	ws2ifsl - ok
19:20:02.0325 4108	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:20:02.0358 4108	WSDPrintDevice - ok
19:20:02.0417 4108	WSDScan         (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
19:20:02.0449 4108	WSDScan - ok
19:20:02.0564 4108	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:20:02.0607 4108	WUDFRd - ok
19:20:02.0684 4108	ZTEusbmdm6k     (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:20:02.0724 4108	ZTEusbmdm6k - ok
19:20:02.0847 4108	ZTEusbnmea      (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:20:02.0867 4108	ZTEusbnmea - ok
19:20:02.0893 4108	ZTEusbser6k     (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:20:02.0914 4108	ZTEusbser6k - ok
19:20:02.0971 4108	MBR (0x1B8)     (ab2261d98ab453077a8fc300866b802f) \Device\Harddisk0\DR0
19:20:03.0836 4108	\Device\Harddisk0\DR0 - ok
19:20:03.0842 4108	Boot (0x1200)   (ded8f0cbff98bc813ae9fd22a5eee9b1) \Device\Harddisk0\DR0\Partition0
19:20:03.0844 4108	\Device\Harddisk0\DR0\Partition0 - ok
19:20:03.0867 4108	Boot (0x1200)   (6b5b1302ec484030ce305201feee8dd9) \Device\Harddisk0\DR0\Partition1
19:20:03.0869 4108	\Device\Harddisk0\DR0\Partition1 - ok
19:20:03.0870 4108	============================================================
19:20:03.0870 4108	Scan finished
19:20:03.0870 4108	============================================================
19:20:03.0895 3636	Detected object count: 3
19:20:03.0895 3636	Actual detected object count: 3
19:20:11.0208 3636	BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:11.0208 3636	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:20:11.0210 3636	GT680x ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:11.0210 3636	GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:20:11.0212 3636	tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:11.0212 3636	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 29.01.2012, 18:51

Ist soweit nun aufällig. Rechner jetzt wieder in Ordnung?

ginimo · 31.01.2012, 16:13

jep, soweit läuft fast alles...

mein internet bricht häufig ab. wir hatten ziemlich zeitnahe einen neuen router bekommen und ich kann nicht einschätzen ob es mit dem zusamenhängt oder mit meinem WiFi.

cosinus · 31.01.2012, 16:25

Ich würde erstmal versuchen rauszufinden, ob das nur unter Windows so ist, oder auch mit anderen Betriebssystemen.
Lad dir mal sowas wie Knoppix oder Ubuntu herunter, brenn die iso Datei per Imagebrennfunktion auf eine CD und boote den Rechner davon.
Teste dann mal ausgiebig die Internetverbindung unter Linux und berichte ob die Verbindung dort stabil ist

16.01.2012, 16:00	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner Du hast schon wieder diese ransomware? Ich hab dir letztes Mal zum Schluss einen Updatetext gepostet. Was hast du davon nicht umgesetzt? Ich glaub kaum dass du den Mist wieder drauf hättest wenn du an jedes Updates gedacht hättest. Gerade Flashplayer, Java oder PDF-Viewer __________________ __________________

24.01.2012, 09:33	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner Gegen den PDFCreator ist nichts einzuwenden, aber du solltest nicht blind immer den Voreinstellungen vertrauen. Das Setup installiert dieses unnütze Browser-Plugin (Toolbar)! Deinstallier diese Toolbars mal __________________ --> Bundespolizei Trojaner

29.01.2012, 18:51	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Trojaner Ist soweit nun aufällig. Rechner jetzt wieder in Ordnung? __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Trojaner

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner