|
Log-Analyse und Auswertung: 50 Euro Virus - Windows wird blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.02.2012, 12:09 | #31 |
| 50 Euro Virus - Windows wird blockiert und mein eset scan, ich hoff das war der richtige Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=740bdccd8a42f5438b9d4ef418638ffb # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-23 05:57:44 # local_time=2012-01-23 06:57:44 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode=1280 16777215 100 0 85868 85868 0 0 # compatibility_mode=1797 16775166 100 94 255850 63875154 8942 0 # compatibility_mode=5893 16776573 100 94 8662 78969489 0 0 # compatibility_mode=8192 67108863 100 0 6367 6367 0 0 # scanned=148356 # found=9 # cleaned=9 # scan_time=3165 C:\Program Files\Application Updater\ApplicationUpdater.exe möglicherweise Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 Variante von Win32/Adware.Toolbar.Dealio Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C |
22.02.2012, 14:53 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Mach bitte ein neues OTL-Log. Ich hab in der Zwischenzeit den OTL-Baustein erneuert.
__________________Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ |
22.02.2012, 17:59 | #33 |
| 50 Euro Virus - Windows wird blockiert OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 2/22/2012 5:46:10 PM - Run 7 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Markus\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 72.29% Memory free 5.73 Gb Paging File | 4.56 Gb Available in Paging File | 79.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424.66 Gb Total Space | 348.63 Gb Free Space | 82.10% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Markus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron Corp.) PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (Impcd) -- C:\Windows\system32\DRIVERS\Impcd.sys (Intel Corporation) DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (HECI) Intel(R) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Markus\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Markus\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/06 16:00:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/04 22:53:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 12:22:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/22 18:37:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/06 16:00:29 | 000,000,000 | ---D | M] [2010/09/02 15:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions [2012/02/14 16:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions [2012/02/14 16:00:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/01/22 15:11:54 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\firefox@tvunetworks.com [2011/01/19 19:04:04 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar [2010/11/23 12:14:58 | 000,000,929 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\conduit.xml [2012/02/21 18:41:02 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-1.xml [2010/10/22 10:23:09 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-2.xml [2010/11/03 10:02:29 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-3.xml [2010/12/19 10:42:58 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-4.xml [2010/09/17 08:25:51 | 000,001,056 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin.xml [2011/01/19 19:04:25 | 000,001,583 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\web-search.xml [2012/02/22 12:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com [2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com [2012/02/16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/12/19 10:36:50 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Markus\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Babylon Translator = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0347E98D-D06B-4AEF-B230-C68157063A19}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell - "" = AutoRun O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\install\command - "" = G:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: BsScanner - Service SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: BsScanner - Service SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - msh263.drv File not found Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/17 15:08:41 | 000,000,000 | R--D | C] -- C:\Users\Markus\Saved Games [2012/02/17 15:08:41 | 000,000,000 | R--D | C] -- C:\Users\Markus\Links [2012/01/23 17:51:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe [2010/06/28 14:06:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2007/10/14 19:35:00 | 000,040,960 | ---- | C] ( ) -- C:\Windows\OMNIUNS.EXE [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/22 17:21:00 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/02/22 17:21:00 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/02/22 17:21:00 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/02/22 17:21:00 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/02/22 17:18:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000UA.job [2012/02/22 17:17:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/22 12:22:21 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/02/22 12:21:35 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/22 12:21:35 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/22 12:12:40 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2012/02/22 11:00:20 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000Core.job [2012/02/21 18:46:12 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/17 15:06:12 | 000,458,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/02/17 12:53:27 | 000,002,411 | ---- | M] () -- C:\Users\Markus\Desktop\Google Chrome.lnk [2012/01/23 17:54:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/22 19:16:17 | 000,017,408 | ---- | C] () -- C:\Users\Markus\AppData\Local\WebpageIcons.db [2011/11/30 13:00:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2011/11/30 13:00:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2011/11/30 13:00:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2011/11/30 13:00:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2011/11/30 13:00:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2011/03/17 17:27:06 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/10/06 15:54:07 | 000,266,059 | ---- | C] () -- C:\Windows\hpwins23.dat [2010/06/29 00:38:29 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2010/06/29 00:28:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2010/06/28 14:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010/06/28 14:06:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010/06/28 14:06:07 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010/06/28 14:06:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010/06/28 14:06:06 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/06/28 14:06:06 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/05/25 19:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi [2010/05/25 19:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe [2010/05/25 19:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2010/05/25 18:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2010/05/18 07:50:33 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/05/18 07:50:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/05/18 07:50:33 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/05/18 07:50:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/11/06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 05:33:53 | 000,458,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/12/13 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite [2010/10/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\elsterformular [2011/11/08 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ [2010/09/29 18:15:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org [2012/01/04 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SAP [2010/12/13 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SoftGrid Client [2010/09/27 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TP [2011/09/09 12:21:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/09/05 20:28:15 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Adobe [2010/12/03 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ArcSoft [2010/09/02 16:21:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Avira [2010/09/02 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\CyberLink [2010/12/13 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DAEMON Tools Lite [2011/09/04 23:22:23 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DivX [2010/10/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\elsterformular [2010/10/18 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HP [2011/11/08 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\ICQ [2010/09/02 10:22:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Identities [2010/09/02 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Macromedia [2012/01/23 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Malwarebytes [2009/07/14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Media Center Programs [2011/12/27 14:17:10 | 000,000,000 | --SD | M] -- C:\Users\Markus\AppData\Roaming\Microsoft [2010/09/02 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla [2010/09/29 18:15:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\OpenOffice.org [2012/01/04 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SAP [2010/12/13 14:01:35 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\SoftGrid Client [2010/09/27 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TP [2011/07/31 19:37:05 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010/03/04 03:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/05/18 09:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2010/05/18 09:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010/05/18 09:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/12/13 13:43:36 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < End of report > |
22.02.2012, 19:54 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data] IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data] IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/ IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://de.msn.com/" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.type: 4 [2011/01/19 19:04:04 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar [2010/11/23 12:14:58 | 000,000,929 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\conduit.xml [2012/02/21 18:41:02 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-1.xml [2010/10/22 10:23:09 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-2.xml [2010/11/03 10:02:29 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-3.xml [2010/12/19 10:42:58 | 000,000,950 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-4.xml [2010/09/17 08:25:51 | 000,001,056 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin.xml [2011/01/19 19:04:25 | 000,001,583 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\web-search.xml [2012/02/22 12:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com [2011/12/30 19:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com [2010/12/19 10:36:50 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml CHR - Extension: Babylon Translator = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0\ O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell - "" = AutoRun O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\Shell\install\command - "" = G:\SETUP.EXE :Files C:\Program Files\pdfforge Toolbar :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
22.02.2012, 19:55 | #35 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Und nochwas: Zitat:
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
__________________ Logfiles bitte immer in CODE-Tags posten |
23.02.2012, 13:13 | #36 |
| 50 Euro Virus - Windows wird blockiert ja dazu habe ich auch gehört, dort habe ich mir auch diesen virus eingefangen. aus fehlern muss man halt lernen. Hier das logfile: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKU\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully. Prefs.js: "Web Search..." removed from browser.search.defaultenginename Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "hxxp://de.msn.com/" removed from browser.startup.homepage Prefs.js: smartwebprinting@hp.com:4.51 removed from extensions.enabledItems Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems Prefs.js: pdfforge@mybrowserbar.com:4.9 removed from extensions.enabledItems Prefs.js: wtxpcom@mybrowserbar.com:4.9 removed from extensions.enabledItems Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL Prefs.js: 4 removed from network.proxy.type C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\modules folder moved successfully. C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\locale\en-US folder moved successfully. C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\locale folder moved successfully. C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\components folder moved successfully. C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar\chrome folder moved successfully. C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\7f1ybd9t.default\extensions\vshare@toolbar folder moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\conduit.xml moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-1.xml moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-2.xml moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-3.xml moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin-4.xml moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\icqplugin.xml moved successfully. C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\searchplugins\web-search.xml moved successfully. C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com folder moved successfully. C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com folder moved successfully. C:\Program Files\mozilla firefox\extensions folder moved successfully. Folder C:\Program Files\mozilla firefox\extensions\pdfforge@mybrowserbar.com\ not found. Folder C:\Program Files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com\ not found. C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully. C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.3_0 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found. Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_USERS\S-1-5-21-3449834995-2028289882-1275101535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. File G:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. File G:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9d193b3-06b6-11e0-a815-d1bd71adcb8b}\ not found. File G:\SETUP.EXE not found. ========== FILES ========== C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully. C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar\IE\4.9 folder moved successfully. C:\Program Files\pdfforge Toolbar\IE folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\skin folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\locale folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\content folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully. C:\Program Files\pdfforge Toolbar\FF folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Markus ->Temp folder emptied: 8271580 bytes ->Temporary Internet Files folder emptied: 3235144 bytes ->Java cache emptied: 37729775 bytes ->FireFox cache emptied: 226463119 bytes ->Google Chrome cache emptied: 55727384 bytes ->Flash cache emptied: 4610 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 577737 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 317.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02232012_130433 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKQX6E8N\bg_site_f3[1].png moved successfully. Registry entries deleted on Reboot... |
23.02.2012, 13:59 | #37 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
23.02.2012, 14:58 | #38 |
| 50 Euro Virus - Windows wird blockiert ich habe den tdss durchlaufen lassen, unten der log. es besteht jetzt noch die möglichkeit die gefundenen sachen zu löchen oder in quaratäne zu schicken. Was soll ich tun? Code:
ATTFilter 14:52:49.0829 6076 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 14:52:49.0850 6076 ============================================================ 14:52:49.0850 6076 Current date / time: 2012/02/23 14:52:49.0850 14:52:49.0850 6076 SystemInfo: 14:52:49.0850 6076 14:52:49.0850 6076 OS Version: 6.1.7600 ServicePack: 0.0 14:52:49.0850 6076 Product type: Workstation 14:52:49.0850 6076 ComputerName: MARKUS-PC 14:52:49.0851 6076 UserName: Markus 14:52:49.0851 6076 Windows directory: C:\Windows 14:52:49.0851 6076 System windows directory: C:\Windows 14:52:49.0851 6076 Processor architecture: Intel x86 14:52:49.0851 6076 Number of processors: 4 14:52:49.0851 6076 Page size: 0x1000 14:52:49.0851 6076 Boot type: Normal boot 14:52:49.0851 6076 ============================================================ 14:52:50.0262 6076 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:52:50.0264 6076 \Device\Harddisk0\DR0: 14:52:50.0264 6076 MBR used 14:52:50.0264 6076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:52:50.0264 6076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000 14:52:50.0264 6076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000 14:52:50.0360 6076 Initialize success 14:52:50.0360 6076 ============================================================ 14:53:50.0262 5364 ============================================================ 14:53:50.0262 5364 Scan started 14:53:50.0262 5364 Mode: Manual; SigCheck; TDLFS; 14:53:50.0262 5364 ============================================================ 14:53:50.0511 5364 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 14:53:50.0595 5364 1394ohci - ok 14:53:50.0640 5364 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 14:53:50.0672 5364 ACPI - ok 14:53:50.0769 5364 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 14:53:50.0796 5364 AcpiPmi - ok 14:53:50.0866 5364 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 14:53:50.0887 5364 adp94xx - ok 14:53:51.0017 5364 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 14:53:51.0043 5364 adpahci - ok 14:53:51.0175 5364 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 14:53:51.0201 5364 adpu320 - ok 14:53:51.0340 5364 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys 14:53:51.0382 5364 Afc - ok 14:53:51.0431 5364 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 14:53:51.0455 5364 AFD - ok 14:53:51.0538 5364 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 14:53:51.0560 5364 agp440 - ok 14:53:51.0669 5364 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 14:53:51.0690 5364 aic78xx - ok 14:53:51.0814 5364 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 14:53:51.0834 5364 aliide - ok 14:53:51.0893 5364 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 14:53:51.0915 5364 amdagp - ok 14:53:52.0027 5364 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 14:53:52.0045 5364 amdide - ok 14:53:52.0089 5364 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 14:53:52.0111 5364 AmdK8 - ok 14:53:52.0132 5364 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 14:53:52.0147 5364 AmdPPM - ok 14:53:52.0187 5364 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 14:53:52.0209 5364 amdsata - ok 14:53:52.0239 5364 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 14:53:52.0253 5364 amdsbs - ok 14:53:52.0286 5364 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 14:53:52.0298 5364 amdxata - ok 14:53:52.0465 5364 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\Windows\system32\Drivers\ov550i.sys 14:53:52.0489 5364 APL531 ( UnsignedFile.Multi.Generic ) - warning 14:53:52.0489 5364 APL531 - detected UnsignedFile.Multi.Generic (1) 14:53:52.0542 5364 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 14:53:52.0562 5364 AppID - ok 14:53:52.0679 5364 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 14:53:52.0701 5364 arc - ok 14:53:52.0730 5364 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 14:53:52.0744 5364 arcsas - ok 14:53:52.0792 5364 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 14:53:52.0839 5364 AsyncMac - ok 14:53:52.0956 5364 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 14:53:52.0975 5364 atapi - ok 14:53:53.0037 5364 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 14:53:53.0053 5364 avgntflt - ok 14:53:53.0073 5364 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 14:53:53.0088 5364 avipbb - ok 14:53:53.0202 5364 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 14:53:53.0232 5364 b06bdrv - ok 14:53:53.0277 5364 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 14:53:53.0294 5364 b57nd60x - ok 14:53:53.0411 5364 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 14:53:53.0458 5364 Beep - ok 14:53:53.0496 5364 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 14:53:53.0510 5364 blbdrive - ok 14:53:53.0539 5364 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 14:53:53.0553 5364 bowser - ok 14:53:53.0591 5364 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:53:53.0609 5364 BrFiltLo - ok 14:53:53.0623 5364 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:53:53.0639 5364 BrFiltUp - ok 14:53:53.0772 5364 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 14:53:53.0795 5364 Brserid - ok 14:53:53.0810 5364 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 14:53:53.0826 5364 BrSerWdm - ok 14:53:53.0852 5364 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:53:53.0869 5364 BrUsbMdm - ok 14:53:53.0897 5364 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 14:53:53.0912 5364 BrUsbSer - ok 14:53:53.0938 5364 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 14:53:53.0955 5364 BTHMODEM - ok 14:53:54.0057 5364 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 14:53:54.0096 5364 cdfs - ok 14:53:54.0184 5364 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 14:53:54.0211 5364 cdrom - ok 14:53:54.0318 5364 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 14:53:54.0342 5364 circlass - ok 14:53:54.0398 5364 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 14:53:54.0422 5364 CLFS - ok 14:53:54.0463 5364 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 14:53:54.0479 5364 CmBatt - ok 14:53:54.0507 5364 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 14:53:54.0520 5364 cmdide - ok 14:53:54.0564 5364 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 14:53:54.0590 5364 CNG - ok 14:53:54.0628 5364 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 14:53:54.0641 5364 Compbatt - ok 14:53:54.0743 5364 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 14:53:54.0769 5364 CompositeBus - ok 14:53:54.0808 5364 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 14:53:54.0819 5364 crcdisk - ok 14:53:54.0921 5364 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 14:53:54.0942 5364 DfsC - ok 14:53:54.0991 5364 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 14:53:55.0024 5364 discache - ok 14:53:55.0124 5364 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 14:53:55.0143 5364 Disk - ok 14:53:55.0268 5364 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys 14:53:55.0298 5364 Dot4 - ok 14:53:55.0325 5364 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys 14:53:55.0342 5364 Dot4Print - ok 14:53:55.0373 5364 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys 14:53:55.0390 5364 dot4usb - ok 14:53:55.0432 5364 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 14:53:55.0460 5364 drmkaud - ok 14:53:55.0504 5364 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 14:53:55.0526 5364 DXGKrnl - ok 14:53:55.0657 5364 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 14:53:55.0711 5364 ebdrv - ok 14:53:55.0772 5364 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 14:53:55.0791 5364 elxstor - ok 14:53:55.0929 5364 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 14:53:55.0951 5364 ErrDev - ok 14:53:56.0110 5364 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 14:53:56.0156 5364 exfat - ok 14:53:56.0177 5364 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 14:53:56.0209 5364 fastfat - ok 14:53:56.0243 5364 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 14:53:56.0256 5364 fdc - ok 14:53:56.0303 5364 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 14:53:56.0315 5364 FileInfo - ok 14:53:56.0328 5364 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 14:53:56.0362 5364 Filetrace - ok 14:53:56.0393 5364 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 14:53:56.0407 5364 flpydisk - ok 14:53:56.0458 5364 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 14:53:56.0473 5364 FltMgr - ok 14:53:56.0590 5364 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 14:53:56.0610 5364 FsDepends - ok 14:53:56.0639 5364 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 14:53:56.0654 5364 Fs_Rec - ok 14:53:56.0728 5364 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 14:53:56.0758 5364 fvevol - ok 14:53:56.0813 5364 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:53:56.0830 5364 gagp30kx - ok 14:53:56.0865 5364 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 14:53:56.0888 5364 hcw85cir - ok 14:53:56.0947 5364 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 14:53:56.0969 5364 HdAudAddService - ok 14:53:57.0085 5364 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:53:57.0115 5364 HDAudBus - ok 14:53:57.0216 5364 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys 14:53:57.0238 5364 HECI - ok 14:53:57.0253 5364 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 14:53:57.0269 5364 HidBatt - ok 14:53:57.0302 5364 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 14:53:57.0319 5364 HidBth - ok 14:53:57.0371 5364 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 14:53:57.0389 5364 HidIr - ok 14:53:57.0500 5364 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 14:53:57.0527 5364 HidUsb - ok 14:53:57.0650 5364 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 14:53:57.0668 5364 HpSAMD - ok 14:53:57.0798 5364 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 14:53:57.0849 5364 HTTP - ok 14:53:57.0864 5364 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 14:53:57.0874 5364 hwpolicy - ok 14:53:57.0991 5364 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 14:53:58.0014 5364 i8042prt - ok 14:53:58.0061 5364 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 14:53:58.0085 5364 iaStor - ok 14:53:58.0190 5364 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 14:53:58.0222 5364 iaStorV - ok 14:53:58.0454 5364 igfx (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys 14:53:58.0572 5364 igfx - ok 14:53:58.0689 5364 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 14:53:58.0708 5364 iirsp - ok 14:53:58.0828 5364 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys 14:53:58.0848 5364 Impcd - ok 14:53:59.0036 5364 IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys 14:53:59.0107 5364 IntcAzAudAddService - ok 14:53:59.0209 5364 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys 14:53:59.0236 5364 IntcDAud - ok 14:53:59.0269 5364 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 14:53:59.0280 5364 intelide - ok 14:53:59.0322 5364 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 14:53:59.0338 5364 intelppm - ok 14:53:59.0389 5364 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:53:59.0435 5364 IpFilterDriver - ok 14:53:59.0469 5364 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 14:53:59.0483 5364 IPMIDRV - ok 14:53:59.0525 5364 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 14:53:59.0560 5364 IPNAT - ok 14:53:59.0597 5364 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 14:53:59.0629 5364 IRENUM - ok 14:53:59.0670 5364 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 14:53:59.0692 5364 isapnp - ok 14:53:59.0736 5364 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 14:53:59.0754 5364 iScsiPrt - ok 14:53:59.0819 5364 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:53:59.0842 5364 kbdclass - ok 14:53:59.0877 5364 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 14:53:59.0898 5364 kbdhid - ok 14:53:59.0963 5364 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 14:53:59.0986 5364 KSecDD - ok 14:54:00.0013 5364 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 14:54:00.0025 5364 KSecPkg - ok 14:54:00.0125 5364 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys 14:54:00.0143 5364 L1C - ok 14:54:00.0260 5364 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 14:54:00.0309 5364 lltdio - ok 14:54:00.0409 5364 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:54:00.0429 5364 LSI_FC - ok 14:54:00.0473 5364 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:54:00.0497 5364 LSI_SAS - ok 14:54:00.0534 5364 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:54:00.0546 5364 LSI_SAS2 - ok 14:54:00.0572 5364 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:54:00.0585 5364 LSI_SCSI - ok 14:54:00.0631 5364 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 14:54:00.0682 5364 luafv - ok 14:54:00.0745 5364 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 14:54:00.0764 5364 MBAMProtector - ok 14:54:00.0812 5364 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 14:54:00.0832 5364 megasas - ok 14:54:00.0882 5364 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 14:54:00.0899 5364 MegaSR - ok 14:54:00.0964 5364 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 14:54:01.0002 5364 Modem - ok 14:54:01.0038 5364 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 14:54:01.0070 5364 monitor - ok 14:54:01.0179 5364 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 14:54:01.0199 5364 mouclass - ok 14:54:01.0223 5364 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 14:54:01.0238 5364 mouhid - ok 14:54:01.0333 5364 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 14:54:01.0354 5364 mountmgr - ok 14:54:01.0391 5364 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 14:54:01.0410 5364 mpio - ok 14:54:01.0448 5364 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 14:54:01.0492 5364 mpsdrv - ok 14:54:01.0515 5364 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 14:54:01.0533 5364 MRxDAV - ok 14:54:01.0568 5364 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:54:01.0584 5364 mrxsmb - ok 14:54:01.0623 5364 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:54:01.0642 5364 mrxsmb10 - ok 14:54:01.0691 5364 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:54:01.0707 5364 mrxsmb20 - ok 14:54:01.0759 5364 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 14:54:01.0780 5364 msahci - ok 14:54:01.0871 5364 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 14:54:01.0893 5364 msdsm - ok 14:54:01.0928 5364 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 14:54:01.0960 5364 Msfs - ok 14:54:01.0976 5364 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 14:54:02.0007 5364 mshidkmdf - ok 14:54:02.0036 5364 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 14:54:02.0047 5364 msisadrv - ok 14:54:02.0110 5364 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 14:54:02.0144 5364 MSKSSRV - ok 14:54:02.0165 5364 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 14:54:02.0196 5364 MSPCLOCK - ok 14:54:02.0215 5364 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 14:54:02.0244 5364 MSPQM - ok 14:54:02.0265 5364 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 14:54:02.0276 5364 MsRPC - ok 14:54:02.0316 5364 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 14:54:02.0326 5364 mssmbios - ok 14:54:02.0350 5364 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 14:54:02.0382 5364 MSTEE - ok 14:54:02.0421 5364 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 14:54:02.0448 5364 MTConfig - ok 14:54:02.0471 5364 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 14:54:02.0482 5364 Mup - ok 14:54:02.0526 5364 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 14:54:02.0547 5364 NativeWifiP - ok 14:54:02.0582 5364 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 14:54:02.0603 5364 NDIS - ok 14:54:02.0640 5364 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 14:54:02.0671 5364 NdisCap - ok 14:54:02.0715 5364 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 14:54:02.0746 5364 NdisTapi - ok 14:54:02.0772 5364 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 14:54:02.0803 5364 Ndisuio - ok 14:54:02.0827 5364 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 14:54:02.0862 5364 NdisWan - ok 14:54:02.0895 5364 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 14:54:02.0926 5364 NDProxy - ok 14:54:03.0030 5364 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 14:54:03.0075 5364 NetBIOS - ok 14:54:03.0093 5364 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 14:54:03.0127 5364 NetBT - ok 14:54:03.0244 5364 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 14:54:03.0266 5364 nfrd960 - ok 14:54:03.0320 5364 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 14:54:03.0364 5364 Npfs - ok 14:54:03.0383 5364 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 14:54:03.0414 5364 nsiproxy - ok 14:54:03.0468 5364 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 14:54:03.0502 5364 Ntfs - ok 14:54:03.0528 5364 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 14:54:03.0558 5364 Null - ok 14:54:03.0604 5364 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 14:54:03.0616 5364 nvraid - ok 14:54:03.0641 5364 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 14:54:03.0653 5364 nvstor - ok 14:54:03.0696 5364 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 14:54:03.0709 5364 nv_agp - ok 14:54:03.0752 5364 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 14:54:03.0768 5364 ohci1394 - ok 14:54:03.0961 5364 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 14:54:03.0988 5364 Parport - ok 14:54:04.0022 5364 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 14:54:04.0040 5364 partmgr - ok 14:54:04.0067 5364 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 14:54:04.0082 5364 Parvdm - ok 14:54:04.0129 5364 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 14:54:04.0142 5364 pci - ok 14:54:04.0177 5364 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 14:54:04.0188 5364 pciide - ok 14:54:04.0233 5364 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 14:54:04.0247 5364 pcmcia - ok 14:54:04.0279 5364 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 14:54:04.0291 5364 pcw - ok 14:54:04.0322 5364 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 14:54:04.0363 5364 PEAUTH - ok 14:54:04.0507 5364 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 14:54:04.0557 5364 PptpMiniport - ok 14:54:04.0595 5364 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 14:54:04.0608 5364 Processor - ok 14:54:04.0666 5364 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 14:54:04.0701 5364 Psched - ok 14:54:04.0850 5364 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 14:54:04.0896 5364 ql2300 - ok 14:54:04.0933 5364 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 14:54:04.0945 5364 ql40xx - ok 14:54:04.0978 5364 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 14:54:04.0997 5364 QWAVEdrv - ok 14:54:05.0025 5364 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 14:54:05.0062 5364 RasAcd - ok 14:54:05.0108 5364 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:54:05.0144 5364 RasAgileVpn - ok 14:54:05.0171 5364 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:54:05.0204 5364 Rasl2tp - ok 14:54:05.0234 5364 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 14:54:05.0268 5364 RasPppoe - ok 14:54:05.0368 5364 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 14:54:05.0423 5364 RasSstp - ok 14:54:05.0445 5364 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 14:54:05.0479 5364 rdbss - ok 14:54:05.0516 5364 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 14:54:05.0532 5364 rdpbus - ok 14:54:05.0566 5364 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:54:05.0596 5364 RDPCDD - ok 14:54:05.0632 5364 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 14:54:05.0663 5364 RDPENCDD - ok 14:54:05.0683 5364 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 14:54:05.0717 5364 RDPREFMP - ok 14:54:05.0745 5364 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 14:54:05.0777 5364 RDPWD - ok 14:54:05.0810 5364 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 14:54:05.0823 5364 rdyboost - ok 14:54:05.0947 5364 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 14:54:05.0999 5364 rspndr - ok 14:54:06.0095 5364 RSUSBSTOR (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys 14:54:06.0115 5364 RSUSBSTOR - ok 14:54:06.0182 5364 rtl8192se (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys 14:54:06.0210 5364 rtl8192se - ok 14:54:06.0311 5364 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 14:54:06.0338 5364 sbp2port - ok 14:54:06.0392 5364 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 14:54:06.0428 5364 scfilter - ok 14:54:06.0465 5364 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:54:06.0500 5364 secdrv - ok 14:54:06.0602 5364 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 14:54:06.0626 5364 Serenum - ok 14:54:06.0657 5364 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 14:54:06.0675 5364 Serial - ok 14:54:06.0720 5364 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 14:54:06.0746 5364 sermouse - ok 14:54:06.0781 5364 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 14:54:06.0793 5364 sffdisk - ok 14:54:06.0813 5364 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:54:06.0827 5364 sffp_mmc - ok 14:54:06.0849 5364 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:54:06.0861 5364 sffp_sd - ok 14:54:06.0888 5364 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 14:54:06.0904 5364 sfloppy - ok 14:54:06.0971 5364 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 14:54:06.0991 5364 sisagp - ok 14:54:07.0011 5364 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:54:07.0028 5364 SiSRaid2 - ok 14:54:07.0068 5364 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 14:54:07.0080 5364 SiSRaid4 - ok 14:54:07.0125 5364 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 14:54:07.0161 5364 Smb - ok 14:54:07.0189 5364 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 14:54:07.0199 5364 spldr - ok 14:54:07.0346 5364 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 14:54:07.0346 5364 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 14:54:07.0353 5364 sptd ( LockedFile.Multi.Generic ) - warning 14:54:07.0353 5364 sptd - detected LockedFile.Multi.Generic (1) 14:54:07.0391 5364 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 14:54:07.0417 5364 srv - ok 14:54:07.0451 5364 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 14:54:07.0469 5364 srv2 - ok 14:54:07.0498 5364 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 14:54:07.0513 5364 srvnet - ok 14:54:07.0559 5364 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 14:54:07.0574 5364 ssmdrv - ok 14:54:07.0619 5364 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 14:54:07.0633 5364 stexstor - ok 14:54:07.0741 5364 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 14:54:07.0753 5364 swenum - ok 14:54:07.0864 5364 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys 14:54:07.0883 5364 SynTP - ok 14:54:07.0960 5364 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 14:54:08.0003 5364 Tcpip - ok 14:54:08.0054 5364 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 14:54:08.0092 5364 TCPIP6 - ok 14:54:08.0127 5364 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 14:54:08.0156 5364 tcpipreg - ok 14:54:08.0176 5364 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 14:54:08.0205 5364 TDPIPE - ok 14:54:08.0229 5364 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 14:54:08.0258 5364 TDTCP - ok 14:54:08.0285 5364 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 14:54:08.0316 5364 tdx - ok 14:54:08.0353 5364 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 14:54:08.0363 5364 TermDD - ok 14:54:08.0420 5364 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:54:08.0452 5364 tssecsrv - ok 14:54:08.0523 5364 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 14:54:08.0580 5364 tunnel - ok 14:54:08.0607 5364 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 14:54:08.0617 5364 uagp35 - ok 14:54:08.0650 5364 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 14:54:08.0684 5364 udfs - ok 14:54:08.0727 5364 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:54:08.0750 5364 uliagpkx - ok 14:54:08.0826 5364 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 14:54:08.0843 5364 umbus - ok 14:54:08.0927 5364 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 14:54:08.0949 5364 UmPass - ok 14:54:08.0985 5364 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 14:54:08.0998 5364 usbccgp - ok 14:54:09.0050 5364 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 14:54:09.0083 5364 usbcir - ok 14:54:09.0100 5364 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys 14:54:09.0113 5364 usbehci - ok 14:54:09.0146 5364 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 14:54:09.0163 5364 usbhub - ok 14:54:09.0196 5364 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 14:54:09.0211 5364 usbohci - ok 14:54:09.0289 5364 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 14:54:09.0315 5364 usbprint - ok 14:54:09.0355 5364 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 14:54:09.0371 5364 usbscan - ok 14:54:09.0400 5364 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:54:09.0414 5364 USBSTOR - ok 14:54:09.0457 5364 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys 14:54:09.0471 5364 usbuhci - ok 14:54:09.0612 5364 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:54:09.0631 5364 vdrvroot - ok 14:54:09.0670 5364 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 14:54:09.0694 5364 vga - ok 14:54:09.0713 5364 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 14:54:09.0743 5364 VgaSave - ok 14:54:09.0787 5364 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 14:54:09.0800 5364 vhdmp - ok 14:54:09.0852 5364 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 14:54:09.0865 5364 viaagp - ok 14:54:09.0883 5364 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 14:54:09.0902 5364 ViaC7 - ok 14:54:09.0936 5364 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 14:54:09.0947 5364 viaide - ok 14:54:09.0986 5364 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 14:54:09.0999 5364 volmgr - ok 14:54:10.0034 5364 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 14:54:10.0051 5364 volmgrx - ok 14:54:10.0092 5364 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 14:54:10.0108 5364 volsnap - ok 14:54:10.0152 5364 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 14:54:10.0164 5364 vsmraid - ok 14:54:10.0201 5364 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 14:54:10.0216 5364 vwifibus - ok 14:54:10.0232 5364 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 14:54:10.0248 5364 vwififlt - ok 14:54:10.0291 5364 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 14:54:10.0304 5364 WacomPen - ok 14:54:10.0349 5364 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 14:54:10.0383 5364 WANARP - ok 14:54:10.0386 5364 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 14:54:10.0419 5364 Wanarpv6 - ok 14:54:10.0499 5364 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 14:54:10.0520 5364 Wd - ok 14:54:10.0560 5364 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 14:54:10.0582 5364 Wdf01000 - ok 14:54:10.0674 5364 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 14:54:10.0719 5364 WfpLwf - ok 14:54:10.0739 5364 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 14:54:10.0750 5364 WIMMount - ok 14:54:10.0878 5364 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 14:54:10.0902 5364 WinUsb - ok 14:54:10.0989 5364 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:54:11.0013 5364 WmiAcpi - ok 14:54:11.0138 5364 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 14:54:11.0181 5364 ws2ifsl - ok 14:54:11.0218 5364 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 14:54:11.0252 5364 WudfPf - ok 14:54:11.0272 5364 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:54:11.0304 5364 WUDFRd - ok 14:54:11.0348 5364 MBR (0x1B8) (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0 14:54:14.0280 5364 \Device\Harddisk0\DR0 - ok 14:54:14.0317 5364 Boot (0x1200) (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0 14:54:14.0319 5364 \Device\Harddisk0\DR0\Partition0 - ok 14:54:14.0333 5364 Boot (0x1200) (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1 14:54:14.0335 5364 \Device\Harddisk0\DR0\Partition1 - ok 14:54:14.0371 5364 Boot (0x1200) (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2 14:54:14.0373 5364 \Device\Harddisk0\DR0\Partition2 - ok 14:54:14.0374 5364 ============================================================ 14:54:14.0374 5364 Scan finished 14:54:14.0374 5364 ============================================================ 14:54:14.0389 5616 Detected object count: 2 14:54:14.0389 5616 Actual detected object count: 2 |
23.02.2012, 15:10 | #39 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Irgendwie ist das Log unvollstöndig, die untere Zusammenfassung vermisse ich
__________________ Logfiles bitte immer in CODE-Tags posten |
23.02.2012, 15:28 | #40 |
| 50 Euro Virus - Windows wird blockiertCode:
ATTFilter 14:52:49.0829 6076 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 14:52:49.0850 6076 ============================================================ 14:52:49.0850 6076 Current date / time: 2012/02/23 14:52:49.0850 14:52:49.0850 6076 SystemInfo: 14:52:49.0850 6076 14:52:49.0850 6076 OS Version: 6.1.7600 ServicePack: 0.0 14:52:49.0850 6076 Product type: Workstation 14:52:49.0850 6076 ComputerName: MARKUS-PC 14:52:49.0851 6076 UserName: Markus 14:52:49.0851 6076 Windows directory: C:\Windows 14:52:49.0851 6076 System windows directory: C:\Windows 14:52:49.0851 6076 Processor architecture: Intel x86 14:52:49.0851 6076 Number of processors: 4 14:52:49.0851 6076 Page size: 0x1000 14:52:49.0851 6076 Boot type: Normal boot 14:52:49.0851 6076 ============================================================ 14:52:50.0262 6076 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:52:50.0264 6076 \Device\Harddisk0\DR0: 14:52:50.0264 6076 MBR used 14:52:50.0264 6076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:52:50.0264 6076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000 14:52:50.0264 6076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000 14:52:50.0360 6076 Initialize success 14:52:50.0360 6076 ============================================================ 14:53:50.0262 5364 ============================================================ 14:53:50.0262 5364 Scan started 14:53:50.0262 5364 Mode: Manual; SigCheck; TDLFS; 14:53:50.0262 5364 ============================================================ 14:53:50.0511 5364 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 14:53:50.0595 5364 1394ohci - ok 14:53:50.0640 5364 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 14:53:50.0672 5364 ACPI - ok 14:53:50.0769 5364 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 14:53:50.0796 5364 AcpiPmi - ok 14:53:50.0866 5364 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 14:53:50.0887 5364 adp94xx - ok 14:53:51.0017 5364 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 14:53:51.0043 5364 adpahci - ok 14:53:51.0175 5364 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 14:53:51.0201 5364 adpu320 - ok 14:53:51.0340 5364 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys 14:53:51.0382 5364 Afc - ok 14:53:51.0431 5364 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 14:53:51.0455 5364 AFD - ok 14:53:51.0538 5364 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 14:53:51.0560 5364 agp440 - ok 14:53:51.0669 5364 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 14:53:51.0690 5364 aic78xx - ok 14:53:51.0814 5364 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 14:53:51.0834 5364 aliide - ok 14:53:51.0893 5364 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 14:53:51.0915 5364 amdagp - ok 14:53:52.0027 5364 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 14:53:52.0045 5364 amdide - ok 14:53:52.0089 5364 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 14:53:52.0111 5364 AmdK8 - ok 14:53:52.0132 5364 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 14:53:52.0147 5364 AmdPPM - ok 14:53:52.0187 5364 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys 14:53:52.0209 5364 amdsata - ok 14:53:52.0239 5364 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 14:53:52.0253 5364 amdsbs - ok 14:53:52.0286 5364 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys 14:53:52.0298 5364 amdxata - ok 14:53:52.0465 5364 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\Windows\system32\Drivers\ov550i.sys 14:53:52.0489 5364 APL531 ( UnsignedFile.Multi.Generic ) - warning 14:53:52.0489 5364 APL531 - detected UnsignedFile.Multi.Generic (1) 14:53:52.0542 5364 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 14:53:52.0562 5364 AppID - ok 14:53:52.0679 5364 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 14:53:52.0701 5364 arc - ok 14:53:52.0730 5364 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 14:53:52.0744 5364 arcsas - ok 14:53:52.0792 5364 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 14:53:52.0839 5364 AsyncMac - ok 14:53:52.0956 5364 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 14:53:52.0975 5364 atapi - ok 14:53:53.0037 5364 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 14:53:53.0053 5364 avgntflt - ok 14:53:53.0073 5364 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 14:53:53.0088 5364 avipbb - ok 14:53:53.0202 5364 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 14:53:53.0232 5364 b06bdrv - ok 14:53:53.0277 5364 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 14:53:53.0294 5364 b57nd60x - ok 14:53:53.0411 5364 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 14:53:53.0458 5364 Beep - ok 14:53:53.0496 5364 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 14:53:53.0510 5364 blbdrive - ok 14:53:53.0539 5364 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 14:53:53.0553 5364 bowser - ok 14:53:53.0591 5364 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:53:53.0609 5364 BrFiltLo - ok 14:53:53.0623 5364 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:53:53.0639 5364 BrFiltUp - ok 14:53:53.0772 5364 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 14:53:53.0795 5364 Brserid - ok 14:53:53.0810 5364 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 14:53:53.0826 5364 BrSerWdm - ok 14:53:53.0852 5364 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:53:53.0869 5364 BrUsbMdm - ok 14:53:53.0897 5364 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 14:53:53.0912 5364 BrUsbSer - ok 14:53:53.0938 5364 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 14:53:53.0955 5364 BTHMODEM - ok 14:53:54.0057 5364 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 14:53:54.0096 5364 cdfs - ok 14:53:54.0184 5364 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 14:53:54.0211 5364 cdrom - ok 14:53:54.0318 5364 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 14:53:54.0342 5364 circlass - ok 14:53:54.0398 5364 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 14:53:54.0422 5364 CLFS - ok 14:53:54.0463 5364 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 14:53:54.0479 5364 CmBatt - ok 14:53:54.0507 5364 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 14:53:54.0520 5364 cmdide - ok 14:53:54.0564 5364 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 14:53:54.0590 5364 CNG - ok 14:53:54.0628 5364 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 14:53:54.0641 5364 Compbatt - ok 14:53:54.0743 5364 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 14:53:54.0769 5364 CompositeBus - ok 14:53:54.0808 5364 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 14:53:54.0819 5364 crcdisk - ok 14:53:54.0921 5364 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 14:53:54.0942 5364 DfsC - ok 14:53:54.0991 5364 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 14:53:55.0024 5364 discache - ok 14:53:55.0124 5364 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 14:53:55.0143 5364 Disk - ok 14:53:55.0268 5364 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys 14:53:55.0298 5364 Dot4 - ok 14:53:55.0325 5364 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys 14:53:55.0342 5364 Dot4Print - ok 14:53:55.0373 5364 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys 14:53:55.0390 5364 dot4usb - ok 14:53:55.0432 5364 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 14:53:55.0460 5364 drmkaud - ok 14:53:55.0504 5364 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 14:53:55.0526 5364 DXGKrnl - ok 14:53:55.0657 5364 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 14:53:55.0711 5364 ebdrv - ok 14:53:55.0772 5364 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 14:53:55.0791 5364 elxstor - ok 14:53:55.0929 5364 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 14:53:55.0951 5364 ErrDev - ok 14:53:56.0110 5364 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 14:53:56.0156 5364 exfat - ok 14:53:56.0177 5364 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 14:53:56.0209 5364 fastfat - ok 14:53:56.0243 5364 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 14:53:56.0256 5364 fdc - ok 14:53:56.0303 5364 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 14:53:56.0315 5364 FileInfo - ok 14:53:56.0328 5364 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 14:53:56.0362 5364 Filetrace - ok 14:53:56.0393 5364 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 14:53:56.0407 5364 flpydisk - ok 14:53:56.0458 5364 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 14:53:56.0473 5364 FltMgr - ok 14:53:56.0590 5364 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 14:53:56.0610 5364 FsDepends - ok 14:53:56.0639 5364 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 14:53:56.0654 5364 Fs_Rec - ok 14:53:56.0728 5364 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 14:53:56.0758 5364 fvevol - ok 14:53:56.0813 5364 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:53:56.0830 5364 gagp30kx - ok 14:53:56.0865 5364 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 14:53:56.0888 5364 hcw85cir - ok 14:53:56.0947 5364 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 14:53:56.0969 5364 HdAudAddService - ok 14:53:57.0085 5364 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:53:57.0115 5364 HDAudBus - ok 14:53:57.0216 5364 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys 14:53:57.0238 5364 HECI - ok 14:53:57.0253 5364 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 14:53:57.0269 5364 HidBatt - ok 14:53:57.0302 5364 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 14:53:57.0319 5364 HidBth - ok 14:53:57.0371 5364 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 14:53:57.0389 5364 HidIr - ok 14:53:57.0500 5364 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 14:53:57.0527 5364 HidUsb - ok 14:53:57.0650 5364 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 14:53:57.0668 5364 HpSAMD - ok 14:53:57.0798 5364 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 14:53:57.0849 5364 HTTP - ok 14:53:57.0864 5364 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 14:53:57.0874 5364 hwpolicy - ok 14:53:57.0991 5364 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 14:53:58.0014 5364 i8042prt - ok 14:53:58.0061 5364 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 14:53:58.0085 5364 iaStor - ok 14:53:58.0190 5364 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 14:53:58.0222 5364 iaStorV - ok 14:53:58.0454 5364 igfx (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys 14:53:58.0572 5364 igfx - ok 14:53:58.0689 5364 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 14:53:58.0708 5364 iirsp - ok 14:53:58.0828 5364 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys 14:53:58.0848 5364 Impcd - ok 14:53:59.0036 5364 IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys 14:53:59.0107 5364 IntcAzAudAddService - ok 14:53:59.0209 5364 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys 14:53:59.0236 5364 IntcDAud - ok 14:53:59.0269 5364 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 14:53:59.0280 5364 intelide - ok 14:53:59.0322 5364 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 14:53:59.0338 5364 intelppm - ok 14:53:59.0389 5364 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:53:59.0435 5364 IpFilterDriver - ok 14:53:59.0469 5364 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 14:53:59.0483 5364 IPMIDRV - ok 14:53:59.0525 5364 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 14:53:59.0560 5364 IPNAT - ok 14:53:59.0597 5364 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 14:53:59.0629 5364 IRENUM - ok 14:53:59.0670 5364 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 14:53:59.0692 5364 isapnp - ok 14:53:59.0736 5364 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 14:53:59.0754 5364 iScsiPrt - ok 14:53:59.0819 5364 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:53:59.0842 5364 kbdclass - ok 14:53:59.0877 5364 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 14:53:59.0898 5364 kbdhid - ok 14:53:59.0963 5364 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 14:53:59.0986 5364 KSecDD - ok 14:54:00.0013 5364 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 14:54:00.0025 5364 KSecPkg - ok 14:54:00.0125 5364 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys 14:54:00.0143 5364 L1C - ok 14:54:00.0260 5364 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 14:54:00.0309 5364 lltdio - ok 14:54:00.0409 5364 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:54:00.0429 5364 LSI_FC - ok 14:54:00.0473 5364 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:54:00.0497 5364 LSI_SAS - ok 14:54:00.0534 5364 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:54:00.0546 5364 LSI_SAS2 - ok 14:54:00.0572 5364 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:54:00.0585 5364 LSI_SCSI - ok 14:54:00.0631 5364 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 14:54:00.0682 5364 luafv - ok 14:54:00.0745 5364 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 14:54:00.0764 5364 MBAMProtector - ok 14:54:00.0812 5364 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 14:54:00.0832 5364 megasas - ok 14:54:00.0882 5364 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 14:54:00.0899 5364 MegaSR - ok 14:54:00.0964 5364 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 14:54:01.0002 5364 Modem - ok 14:54:01.0038 5364 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 14:54:01.0070 5364 monitor - ok 14:54:01.0179 5364 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 14:54:01.0199 5364 mouclass - ok 14:54:01.0223 5364 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 14:54:01.0238 5364 mouhid - ok 14:54:01.0333 5364 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 14:54:01.0354 5364 mountmgr - ok 14:54:01.0391 5364 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 14:54:01.0410 5364 mpio - ok 14:54:01.0448 5364 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 14:54:01.0492 5364 mpsdrv - ok 14:54:01.0515 5364 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 14:54:01.0533 5364 MRxDAV - ok 14:54:01.0568 5364 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:54:01.0584 5364 mrxsmb - ok 14:54:01.0623 5364 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:54:01.0642 5364 mrxsmb10 - ok 14:54:01.0691 5364 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:54:01.0707 5364 mrxsmb20 - ok 14:54:01.0759 5364 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 14:54:01.0780 5364 msahci - ok 14:54:01.0871 5364 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 14:54:01.0893 5364 msdsm - ok 14:54:01.0928 5364 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 14:54:01.0960 5364 Msfs - ok 14:54:01.0976 5364 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 14:54:02.0007 5364 mshidkmdf - ok 14:54:02.0036 5364 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 14:54:02.0047 5364 msisadrv - ok 14:54:02.0110 5364 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 14:54:02.0144 5364 MSKSSRV - ok 14:54:02.0165 5364 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 14:54:02.0196 5364 MSPCLOCK - ok 14:54:02.0215 5364 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 14:54:02.0244 5364 MSPQM - ok 14:54:02.0265 5364 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 14:54:02.0276 5364 MsRPC - ok 14:54:02.0316 5364 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 14:54:02.0326 5364 mssmbios - ok 14:54:02.0350 5364 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 14:54:02.0382 5364 MSTEE - ok 14:54:02.0421 5364 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 14:54:02.0448 5364 MTConfig - ok 14:54:02.0471 5364 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 14:54:02.0482 5364 Mup - ok 14:54:02.0526 5364 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 14:54:02.0547 5364 NativeWifiP - ok 14:54:02.0582 5364 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 14:54:02.0603 5364 NDIS - ok 14:54:02.0640 5364 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 14:54:02.0671 5364 NdisCap - ok 14:54:02.0715 5364 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 14:54:02.0746 5364 NdisTapi - ok 14:54:02.0772 5364 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 14:54:02.0803 5364 Ndisuio - ok 14:54:02.0827 5364 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 14:54:02.0862 5364 NdisWan - ok 14:54:02.0895 5364 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 14:54:02.0926 5364 NDProxy - ok 14:54:03.0030 5364 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 14:54:03.0075 5364 NetBIOS - ok 14:54:03.0093 5364 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 14:54:03.0127 5364 NetBT - ok 14:54:03.0244 5364 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 14:54:03.0266 5364 nfrd960 - ok 14:54:03.0320 5364 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 14:54:03.0364 5364 Npfs - ok 14:54:03.0383 5364 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 14:54:03.0414 5364 nsiproxy - ok 14:54:03.0468 5364 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 14:54:03.0502 5364 Ntfs - ok 14:54:03.0528 5364 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 14:54:03.0558 5364 Null - ok 14:54:03.0604 5364 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 14:54:03.0616 5364 nvraid - ok 14:54:03.0641 5364 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 14:54:03.0653 5364 nvstor - ok 14:54:03.0696 5364 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 14:54:03.0709 5364 nv_agp - ok 14:54:03.0752 5364 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 14:54:03.0768 5364 ohci1394 - ok 14:54:03.0961 5364 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 14:54:03.0988 5364 Parport - ok 14:54:04.0022 5364 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 14:54:04.0040 5364 partmgr - ok 14:54:04.0067 5364 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 14:54:04.0082 5364 Parvdm - ok 14:54:04.0129 5364 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 14:54:04.0142 5364 pci - ok 14:54:04.0177 5364 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 14:54:04.0188 5364 pciide - ok 14:54:04.0233 5364 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 14:54:04.0247 5364 pcmcia - ok 14:54:04.0279 5364 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 14:54:04.0291 5364 pcw - ok 14:54:04.0322 5364 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 14:54:04.0363 5364 PEAUTH - ok 14:54:04.0507 5364 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 14:54:04.0557 5364 PptpMiniport - ok 14:54:04.0595 5364 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 14:54:04.0608 5364 Processor - ok 14:54:04.0666 5364 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 14:54:04.0701 5364 Psched - ok 14:54:04.0850 5364 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 14:54:04.0896 5364 ql2300 - ok 14:54:04.0933 5364 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 14:54:04.0945 5364 ql40xx - ok 14:54:04.0978 5364 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 14:54:04.0997 5364 QWAVEdrv - ok 14:54:05.0025 5364 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 14:54:05.0062 5364 RasAcd - ok 14:54:05.0108 5364 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:54:05.0144 5364 RasAgileVpn - ok 14:54:05.0171 5364 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:54:05.0204 5364 Rasl2tp - ok 14:54:05.0234 5364 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 14:54:05.0268 5364 RasPppoe - ok 14:54:05.0368 5364 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 14:54:05.0423 5364 RasSstp - ok 14:54:05.0445 5364 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 14:54:05.0479 5364 rdbss - ok 14:54:05.0516 5364 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 14:54:05.0532 5364 rdpbus - ok 14:54:05.0566 5364 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:54:05.0596 5364 RDPCDD - ok 14:54:05.0632 5364 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 14:54:05.0663 5364 RDPENCDD - ok 14:54:05.0683 5364 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 14:54:05.0717 5364 RDPREFMP - ok 14:54:05.0745 5364 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 14:54:05.0777 5364 RDPWD - ok 14:54:05.0810 5364 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 14:54:05.0823 5364 rdyboost - ok 14:54:05.0947 5364 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 14:54:05.0999 5364 rspndr - ok 14:54:06.0095 5364 RSUSBSTOR (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys 14:54:06.0115 5364 RSUSBSTOR - ok 14:54:06.0182 5364 rtl8192se (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys 14:54:06.0210 5364 rtl8192se - ok 14:54:06.0311 5364 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 14:54:06.0338 5364 sbp2port - ok 14:54:06.0392 5364 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 14:54:06.0428 5364 scfilter - ok 14:54:06.0465 5364 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:54:06.0500 5364 secdrv - ok 14:54:06.0602 5364 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 14:54:06.0626 5364 Serenum - ok 14:54:06.0657 5364 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 14:54:06.0675 5364 Serial - ok 14:54:06.0720 5364 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 14:54:06.0746 5364 sermouse - ok 14:54:06.0781 5364 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 14:54:06.0793 5364 sffdisk - ok 14:54:06.0813 5364 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:54:06.0827 5364 sffp_mmc - ok 14:54:06.0849 5364 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:54:06.0861 5364 sffp_sd - ok 14:54:06.0888 5364 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 14:54:06.0904 5364 sfloppy - ok 14:54:06.0971 5364 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 14:54:06.0991 5364 sisagp - ok 14:54:07.0011 5364 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:54:07.0028 5364 SiSRaid2 - ok 14:54:07.0068 5364 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 14:54:07.0080 5364 SiSRaid4 - ok 14:54:07.0125 5364 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 14:54:07.0161 5364 Smb - ok 14:54:07.0189 5364 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 14:54:07.0199 5364 spldr - ok 14:54:07.0346 5364 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 14:54:07.0346 5364 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 14:54:07.0353 5364 sptd ( LockedFile.Multi.Generic ) - warning 14:54:07.0353 5364 sptd - detected LockedFile.Multi.Generic (1) 14:54:07.0391 5364 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 14:54:07.0417 5364 srv - ok 14:54:07.0451 5364 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 14:54:07.0469 5364 srv2 - ok 14:54:07.0498 5364 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 14:54:07.0513 5364 srvnet - ok 14:54:07.0559 5364 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 14:54:07.0574 5364 ssmdrv - ok 14:54:07.0619 5364 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 14:54:07.0633 5364 stexstor - ok 14:54:07.0741 5364 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 14:54:07.0753 5364 swenum - ok 14:54:07.0864 5364 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys 14:54:07.0883 5364 SynTP - ok 14:54:07.0960 5364 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 14:54:08.0003 5364 Tcpip - ok 14:54:08.0054 5364 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 14:54:08.0092 5364 TCPIP6 - ok 14:54:08.0127 5364 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 14:54:08.0156 5364 tcpipreg - ok 14:54:08.0176 5364 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 14:54:08.0205 5364 TDPIPE - ok 14:54:08.0229 5364 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 14:54:08.0258 5364 TDTCP - ok 14:54:08.0285 5364 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 14:54:08.0316 5364 tdx - ok 14:54:08.0353 5364 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 14:54:08.0363 5364 TermDD - ok 14:54:08.0420 5364 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:54:08.0452 5364 tssecsrv - ok 14:54:08.0523 5364 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 14:54:08.0580 5364 tunnel - ok 14:54:08.0607 5364 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 14:54:08.0617 5364 uagp35 - ok 14:54:08.0650 5364 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 14:54:08.0684 5364 udfs - ok 14:54:08.0727 5364 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:54:08.0750 5364 uliagpkx - ok 14:54:08.0826 5364 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 14:54:08.0843 5364 umbus - ok 14:54:08.0927 5364 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 14:54:08.0949 5364 UmPass - ok 14:54:08.0985 5364 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 14:54:08.0998 5364 usbccgp - ok 14:54:09.0050 5364 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 14:54:09.0083 5364 usbcir - ok 14:54:09.0100 5364 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys 14:54:09.0113 5364 usbehci - ok 14:54:09.0146 5364 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 14:54:09.0163 5364 usbhub - ok 14:54:09.0196 5364 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 14:54:09.0211 5364 usbohci - ok 14:54:09.0289 5364 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 14:54:09.0315 5364 usbprint - ok 14:54:09.0355 5364 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 14:54:09.0371 5364 usbscan - ok 14:54:09.0400 5364 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:54:09.0414 5364 USBSTOR - ok 14:54:09.0457 5364 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys 14:54:09.0471 5364 usbuhci - ok 14:54:09.0612 5364 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:54:09.0631 5364 vdrvroot - ok 14:54:09.0670 5364 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 14:54:09.0694 5364 vga - ok 14:54:09.0713 5364 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 14:54:09.0743 5364 VgaSave - ok 14:54:09.0787 5364 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 14:54:09.0800 5364 vhdmp - ok 14:54:09.0852 5364 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 14:54:09.0865 5364 viaagp - ok 14:54:09.0883 5364 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 14:54:09.0902 5364 ViaC7 - ok 14:54:09.0936 5364 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 14:54:09.0947 5364 viaide - ok 14:54:09.0986 5364 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 14:54:09.0999 5364 volmgr - ok 14:54:10.0034 5364 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 14:54:10.0051 5364 volmgrx - ok 14:54:10.0092 5364 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 14:54:10.0108 5364 volsnap - ok 14:54:10.0152 5364 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 14:54:10.0164 5364 vsmraid - ok 14:54:10.0201 5364 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 14:54:10.0216 5364 vwifibus - ok 14:54:10.0232 5364 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 14:54:10.0248 5364 vwififlt - ok 14:54:10.0291 5364 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 14:54:10.0304 5364 WacomPen - ok 14:54:10.0349 5364 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 14:54:10.0383 5364 WANARP - ok 14:54:10.0386 5364 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 14:54:10.0419 5364 Wanarpv6 - ok 14:54:10.0499 5364 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 14:54:10.0520 5364 Wd - ok 14:54:10.0560 5364 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 14:54:10.0582 5364 Wdf01000 - ok 14:54:10.0674 5364 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 14:54:10.0719 5364 WfpLwf - ok 14:54:10.0739 5364 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 14:54:10.0750 5364 WIMMount - ok 14:54:10.0878 5364 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 14:54:10.0902 5364 WinUsb - ok 14:54:10.0989 5364 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:54:11.0013 5364 WmiAcpi - ok 14:54:11.0138 5364 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 14:54:11.0181 5364 ws2ifsl - ok 14:54:11.0218 5364 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 14:54:11.0252 5364 WudfPf - ok 14:54:11.0272 5364 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:54:11.0304 5364 WUDFRd - ok 14:54:11.0348 5364 MBR (0x1B8) (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0 14:54:14.0280 5364 \Device\Harddisk0\DR0 - ok 14:54:14.0317 5364 Boot (0x1200) (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0 14:54:14.0319 5364 \Device\Harddisk0\DR0\Partition0 - ok 14:54:14.0333 5364 Boot (0x1200) (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1 14:54:14.0335 5364 \Device\Harddisk0\DR0\Partition1 - ok 14:54:14.0371 5364 Boot (0x1200) (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2 14:54:14.0373 5364 \Device\Harddisk0\DR0\Partition2 - ok 14:54:14.0374 5364 ============================================================ 14:54:14.0374 5364 Scan finished 14:54:14.0374 5364 ============================================================ 14:54:14.0389 5616 Detected object count: 2 14:54:14.0389 5616 Actual detected object count: 2 15:27:33.0035 5616 APL531 ( UnsignedFile.Multi.Generic ) - skipped by user 15:27:33.0035 5616 APL531 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:27:33.0035 5616 sptd ( LockedFile.Multi.Generic ) - skipped by user 15:27:33.0036 5616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
23.02.2012, 17:26 | #41 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
27.02.2012, 14:22 | #42 |
| 50 Euro Virus - Windows wird blockiert Combofix Logfile: Code:
ATTFilter ComboFix 12-02-25.02 - Markus 27.02.2012 14:12:10.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2935.2032 [GMT 1:00] ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-27 bis 2012-02-27 )))))))))))))))))))))))))))))) . . 2012-02-27 13:17 . 2012-02-27 13:18 -------- d-----w- c:\users\Markus\AppData\Local\temp 2012-02-27 13:17 . 2012-02-27 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-24 16:02 . 2012-02-24 16:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3B6AACE-6EDE-444D-91DF-160895B5B1D0}\offreg.dll 2012-02-24 11:07 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3B6AACE-6EDE-444D-91DF-160895B5B1D0}\mpengine.dll 2012-02-23 12:04 . 2012-02-23 12:04 -------- d-----w- C:\_OTL 2012-02-22 11:22 . 2012-02-16 14:55 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-02-15 09:05 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 04:10 . 2010-06-28 23:04 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-10 14:24 . 2012-01-23 16:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-25 18:43 . 2010-05-25 18:43 3099136 ----a-w- c:\program files\openofficeorg32.msi 2012-02-16 14:55 . 2012-02-22 11:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-11-02 21:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-13 691696] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-01 428200] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 45998594 *NewlyCreated* - 74097575 *Deregistered* - 45998594 *Deregistered* - 74097575 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000Core.job - c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 14:21] . 2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449834995-2028289882-1275101535-1000UA.job - c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 14:21] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}\D416D65737E45647: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\7f1ybd9t.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-BsScanner AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-02-27 14:19:27 ComboFix-quarantined-files.txt 2012-02-27 13:19 . Vor Suchlauf: 10 Verzeichnis(se), 374.078.517.248 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 373.988.286.464 Bytes frei . - - End Of File - - 708BE9516E5A44EB0325DF72AD3B5A5F |
27.02.2012, 16:44 | #43 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Virus - Windows wird blockiert Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu 50 Euro Virus - Windows wird blockiert |
anzeige, bezahlen, bildschirm, blockiert, browser, eingefangen, euro, funktion, gen, laptop, modus, mozilla, netzwerk, neu, paypal, schei, schwarzer, schwarzer bildschirm, starte, starten, strg, virus, w-lan, windows, zugreifen |