Log analysis and evaluation: security center, Warning! Your Windows system has been blocked! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.02.2012, 23:29 | #16 |
security center, Warning! Your Windows system has been blocked! OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/5/2012 11:05:29 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.98 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 68.13% Memory free 11.96 Gb Paging File | 10.05 Gb Available in Paging File | 84.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 230.00 Gb Total Space | 186.47 Gb Free Space | 81.07% Space Free | Partition Type: NTFS Drive D: | 342.72 Gb Total Space | 342.62 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/02/04 21:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2012/01/31 11:55:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/14 11:15:38 | 004,394,576 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files 
(x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/04 14:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2010/12/23 07:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/29 06:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/11/10 00:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/10/13 14:54:17 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/12/21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/12/21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/06/03 18:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011/11/28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011/11/28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011/11/28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011/11/28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/11/28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | 
Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/04 08:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/02/04 04:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/01/27 06:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/23 08:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010/10/07 03:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | 
M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011/07/19 11:48:48 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
[2011/12/30 19:17:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: MyStart Search (Enabled) CHR - default_search_provider: search_url = hxxp://mystart.incredibar.com/mb106/?loc=IB_DS&search={searchTerms}&a=6OyoimFOtT&i=26 CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: WordCaptureX (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf\1.1_0\npWCX.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = 
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Word CaptureX Extension = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf\1.1_0\ CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Dili\AppData\Roaming\toolplugin\toolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - Startup: C:\Users\Dili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C0E64D-360D-4D56-84F1-0AA53B1216EF}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E420E3BF-C2A1-4233-BA32-746E24431A49}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - 
SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver 
Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{FA4C90A6-7213-410D-AADF-2F0507F55045} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/05 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\OTL [2012/02/05 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{974CE093-3FB8-4559-B5AF-BF04A264FAF4} [2012/02/05 21:58:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{603EC209-0572-4D37-82F6-A9BF2BC4FEF4} [2012/02/05 20:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/02/05 19:58:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2012/02/05 19:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/05 19:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/02/05 19:58:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/02/05 19:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/02/05 16:03:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C2706F2F-D5B1-471E-8381-0ACE2F5DCE60} [2012/02/05 10:53:01 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012/02/05 10:53:01 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012/02/05 10:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2012/02/05 10:53:00 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012/02/05 10:53:00 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012/02/05 10:53:00 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2012/02/05 10:52:59 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/02/05 10:52:59 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012/02/05 10:52:56 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012/02/05 10:52:56 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012/02/05 10:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/02/05 10:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/02/05 00:19:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C917401B-FF35-4180-A61E-0D635F8B7EC8} [2012/02/05 00:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DA98C607-864A-4333-9B32-05B27B417597} [2012/02/05 00:18:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{31006D15-BEBC-4F6A-9F1A-900F1F4E81BF} [2012/02/05 00:18:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0E94DB12-E511-47E8-AABC-E0092E42D113} [2012/02/05 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CA4595BD-D46C-49FC-A035-A236383E94DB} [2012/02/05 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A7CEAD97-76B8-455A-AF6D-DAA501A95DDA} [2012/02/05 00:09:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ElevatedDiagnostics [2012/02/04 21:43:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dili\Desktop\OTL.exe [2012/02/04 10:02:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F19DCD4A-E5F8-46CB-9042-8D2A2DF71AAA} [2012/02/04 10:01:56 | 000,000,000 | ---D | C] -- 
C:\Users\****\AppData\Local\{BED532B8-F6CD-4D8E-93F6-773CE1412C15} [2012/02/03 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4C4A1B77-0465-4BA7-9409-A526711CEE2E} [2012/02/03 21:11:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9DF6EEF0-B21F-40D7-882F-669AE0C68F66} [2012/02/03 09:08:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{EAD588B2-C4B4-44A3-9B11-9B5F91232677} [2012/02/03 09:07:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1047015F-7B3C-440F-A86B-6EFAB488F535} [2012/02/02 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2543112A-001C-4EAD-A084-52E0D72BE716} [2012/02/02 09:44:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{07663686-D829-42A2-BF17-6CFC5E9C3CDA} [2012/02/01 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BA40CEF3-9797-45C0-BBCC-FEA3FD0087AC} [2012/02/01 16:45:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F53794CB-2CFB-4978-A465-F42528528E88} [2012/01/31 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C30C71A0-C78D-4EFC-8059-6F7D8A3E00F0} [2012/01/31 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E19AC6A5-4B2D-4021-9ECA-017D2BA3A499} [2012/01/31 12:21:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012/01/31 12:07:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012/01/31 09:55:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D19DF3AE-3BF4-4F1F-B983-EDCA460A1C2A} [2012/01/31 09:54:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{41EB946B-970F-4CC7-921E-A844510D5373} [2012/01/30 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7150AB69-4CF8-495E-BD70-81666CB1B661} [2012/01/30 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F4CC09E3-E672-404C-AF04-049EB12138C8} [2012/01/30 09:48:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B0C62E39-74D0-46DD-8884-0464D71F2CDD} [2012/01/30 
09:48:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E6E38B22-21E2-4801-B2B2-39ED6FB40666} [2012/01/29 11:16:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B9943416-EEE7-464C-AA80-08E360596710} [2012/01/29 11:15:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2016D2F8-FC38-454A-A6E1-F8F5F585C1FE} [2012/01/28 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A8759D86-BACA-4F58-8059-92D324539BA6} [2012/01/28 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2253B5AB-6386-42BE-9C44-6F622FCD8F04} [2012/01/28 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A6F8B7CE-8B9D-43CA-A152-13C6ADBA6A05} [2012/01/28 10:19:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FCD8D079-23E3-4E0B-97C4-03C7E71A6EC4} [2012/01/27 22:03:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{764ECA08-D574-48D3-901E-A5637A238547} [2012/01/27 22:02:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B7468B65-F6CA-4A52-9098-7AAF643C9282} [2012/01/27 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FDE71007-1A9D-473E-98FF-6911ABD49CF9} [2012/01/27 09:55:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2CF108C9-0B4D-48E0-BB61-B50894979D9A} [2012/01/26 21:52:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E14F7AE7-8623-4BB1-BBEC-04922ADAECDA} [2012/01/26 21:52:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F7BDDEBA-776D-467D-B7DE-9B269EE601D8} [2012/01/26 09:49:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{701411CC-4BFC-4B25-B3B8-66836314FA5A} [2012/01/26 09:48:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{495AE020-2906-4655-8611-F2FFEE1FBC5E} [2012/01/25 11:00:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{156E820C-2F70-4B60-A8CF-6163324CB41D} [2012/01/25 11:00:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{927A2C1A-C8B1-49DC-AF73-860867F50954} [2012/01/24 22:58:23 | 
000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{25B338A9-E53C-48A2-A10C-9E1E0D0B198C} [2012/01/24 22:58:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{093425A6-1194-4481-8141-A09B7E2CDC12} [2012/01/24 10:53:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{71FD3096-B865-45A1-B4A3-0B55749176EE} [2012/01/24 10:53:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9DD2A916-F57D-4B79-816A-E4961F5EDB95} [2012/01/23 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F37E81AA-A973-4B38-BC65-19264EC043BA} [2012/01/23 12:34:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DAD533B5-E281-45DA-BB5F-FA0A91A34AEC} [2012/01/22 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E52F42CD-4C79-4533-967C-30901A0AC4FF} [2012/01/22 12:15:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6567CF41-FF2A-407B-A691-26D36B0E2F4F} [2012/01/21 22:20:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4A8635B0-CD0C-46BD-8015-34DCF512D1A9} [2012/01/21 22:20:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{685E8AB2-EAA8-4288-9637-7C3565ED370E} [2012/01/13 21:09:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5B5D6635-AC76-4032-AADE-27ACBB194C3B} [2012/01/13 21:08:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{04E91324-39FC-46BA-925D-DCFA5B8C5E0F} [2012/01/11 23:50:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B79AA0B9-76CD-49AF-BA83-2558E9100333} [2012/01/11 23:50:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B4A8A7D5-8729-439C-B26E-F2E807B05C9B} [2012/01/09 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FEA48460-8AE5-474B-BC13-17693275D8AF} [2012/01/08 12:18:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9D9AC064-560B-47EB-84CC-AEB1746D1130} [2012/01/08 12:18:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{320193C3-E005-4E21-8533-462B669D4BBF} [2012/01/07 15:18:49 | 
000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0F161CD7-9C1D-41D7-89AC-348D10998963} [2012/01/07 15:18:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A64FEAE6-47D8-4431-BEB0-2D961D2E77EE} [2012/01/07 00:19:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C800BE1A-4D59-4763-8B5C-7566D0FCB060} [2012/01/07 00:18:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{762AEF5A-B9FE-45F2-89DF-50BCD0DA22A4} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/05 22:45:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/05 22:13:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000UA.job [2012/02/05 22:13:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000Core.job [2012/02/05 21:26:59 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/05 21:26:59 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/05 21:25:55 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/05 21:25:55 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/02/05 21:25:55 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/05 21:25:55 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/02/05 21:25:55 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/05 21:19:28 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/05 21:19:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/05 21:18:55 | 2126,036,991 | -HS- | M] () -- C:\hiberfil.sys [2012/02/05 20:32:16 | 000,001,109 | ---- | M] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/05 11:47:00 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/02/05 10:52:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/02/04 21:43:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dili\Desktop\OTL.exe [2012/02/01 09:09:42 | 000,302,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/01/26 10:09:16 | 000,002,391 | ---- | M] () -- C:\Users\****\Desktop\Google Chrome.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/05 19:58:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/02/05 10:53:02 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/02/05 10:52:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011/12/16 22:12:38 | 000,003,677 | ---- | C] () -- C:\Users\****\AppData\Roaming\Sys2657a.DLL [2011/09/19 16:11:18 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/03/18 06:52:51 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011/03/18 06:36:45 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011/03/18 01:56:15 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011/03/18 00:22:43 | 000,001,898 | ---- | C] () -- C:\Windows\HotFixList.ini [2011/03/18 00:10:01 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- 
C:\Windows\SysWow64\igkrng500.bin [2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/12/29 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon [2012/02/05 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2011/10/13 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org [2011/11/02 13:42:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2012/01/09 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client [2011/12/17 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TippKönigin Demo [2012/01/13 22:07:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\toolplugin [2011/09/19 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP [2011/10/20 17:54:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer [2012/02/03 09:06:54 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011/10/17 17:04:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe [2011/11/02 20:03:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer [2011/12/29 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon [2011/12/22 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CyberLink [2011/12/29 22:39:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DivX [2011/10/17 17:05:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Google [2012/02/05 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2011/09/19 13:35:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities [2011/09/19 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia [2012/02/05 19:58:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011/03/18 06:57:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs [2011/12/12 23:34:55 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft [2011/11/01 14:17:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla [2011/10/13 14:55:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org [2011/11/02 13:42:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2012/01/09 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client [2011/12/17 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TippKönigin Demo [2012/01/13 22:07:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\toolplugin [2011/09/19 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP [2011/12/30 19:19:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc [2011/10/20 17:54:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 
000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 
000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 06:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) 
MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 13:20:28 
| 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2010/05/12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- 
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > [/code] |
05.02.2012, 23:50 | #17 |
| That's done for now ...
On the surface it does look good, though... Thank you very much for that so far! Regards, Julia |
05.02.2012, 23:51 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close all programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)
Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - No CLSID value found
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb106/?loc=IB_DS&search={searchTerms}&a=6OyoimFOtT&i=26
CHR - default_search_provider: suggest_url =
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Dili\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
:Files
C:\Users\****\AppData\Roaming\Babylon
C:\Users\****\AppData\Roaming\Sys2657a.DLL
C:\Users\****\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
06.02.2012, 00:03 | #19 |
| Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{328ECD19-C167-40eb-A0C7-16FE7634105E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328ECD19-C167-40eb-A0C7-16FE7634105E}\ not found.
C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll moved successfully.
========== FILES ==========
File\Folder C:\Users****\AppData\Roaming\Babylon not found.
C:\Users\Dili\AppData\Roaming\Sys2657a.DLL moved successfully.
File\Folder C:\Users****\AppData\Local\{* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ****
->Temp folder emptied: 34784465 bytes
->Temporary Internet Files folder emptied: 988286 bytes
->Java cache emptied: 5523680 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 7020542 bytes
->Flash cache emptied: 495 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28656 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02052012_235645

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V2DNJXR\background_button_green_full[1].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
06.02.2012, 00:08 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
The path should read like this! C:\Users\BENUTZERNAME\AppData\Local\{* You must change BENUTZERNAME to your real user name, and you must leave the asterisk at the end as it is. Run the fix again with this script, but edited back correctly! Code:
:Files
C:\Users\****\AppData\Roaming\Babylon
C:\Users\****\AppData\Local\{*
__________________ Please always post log files in CODE tags |
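The failure in the exchange above (a fix script run with the user name still starred out, so its ":Files" targets come back as "not found") can be caught both before and after the run. The following Python sketch is an added example, not part of the original posts and not a feature of OTL. Assumptions: the function names are hypothetical, the sample script and log are constructed in the formats shown in the thread, and a path component made up only of two or more asterisks is treated as a mask rather than a wildcard.

```python
import re

# Constructed sample: a fix script whose user name is still masked.
SAMPLE_SCRIPT = r"""
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
:Files
C:\Users\****\AppData\Roaming\Babylon
C:\Users\****\AppData\Local\{*
:Commands
[emptytemp]
"""

# Constructed sample: the FILES part of a fix log, in the format shown above.
SAMPLE_LOG = r"""
========== FILES ==========
File\Folder C:\Users****\AppData\Roaming\Babylon not found.
C:\Users\alice\AppData\Roaming\Sys2657a.DLL moved successfully.
File\Folder C:\Users****\AppData\Local\{* not found.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SCRIPT_SECTION = re.compile(r"^:(\w+)\s*$")            # :OTL, :Files, :Commands
LOG_SECTION = re.compile(r"^=+ (\w+) =+$")             # ========== FILES ==========
MASK_COMPONENT = re.compile(r"^\*{2,}$")               # assumption: '****' is a mask
NOT_FOUND = re.compile(r"^File\\Folder (.+) not found\.$")


def files_entries(script):
    """Return the path lines listed under the :Files section of a fix script."""
    entries, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SCRIPT_SECTION.match(line)
        if header:
            in_files = header.group(1).lower() == "files"
            continue
        if in_files:
            entries.append(line)
    return entries


def masked_entries(script):
    """Return :Files paths that still contain a starred-out path component.

    A trailing wildcard such as '{*' is not flagged, because that component
    is not made up of asterisks only.
    """
    return [
        entry for entry in files_entries(script)
        if any(MASK_COMPONENT.match(part) for part in entry.split("\\"))
    ]


def not_found_targets(log):
    """Return the targets the FILES section of a fix log reports as not found."""
    targets, in_files = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = LOG_SECTION.match(line)
        if header:
            in_files = header.group(1) == "FILES"
            continue
        if in_files:
            hit = NOT_FOUND.match(line)
            if hit:
                targets.append(hit.group(1))
    return targets


if __name__ == "__main__":
    for path in masked_entries(SAMPLE_SCRIPT):
        print("still masked, edit before running:", path)
    for path in not_found_targets(SAMPLE_LOG):
        print("fix did not apply to:", path)
```
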
06.02.2012, 00:30 | #21 |
| Code:
========== FILES ==========
C:\Users\*\AppData\Roaming\Babylon folder moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 02062012_001350 |
06.02.2012, 00:43 | #22 |
| security center, Warning! Your Windows system has been blocked! Now I'm curious to see how stupidly I've gone about this ;( |
06.02.2012, 09:18 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | security center, Warning! Your Windows system has been blocked! Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
06.02.2012, 10:12 | #24 |
| security center, Warning! Your Windows system has been blocked! Code:
10:07:02.0315 2624 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 10:07:02.0465 2624 ============================================================ 10:07:02.0465 2624 Current date / time: 2012/02/06 10:07:02.0465 10:07:02.0465 2624 SystemInfo: 10:07:02.0465 2624 10:07:02.0465 2624 OS Version: 6.1.7601 ServicePack: 1.0 10:07:02.0465 2624 Product type: Workstation 10:07:02.0465 2624 ComputerName: ****-PC 10:07:02.0465 2624 UserName: **** 10:07:02.0465 2624 Windows directory: C:\Windows 10:07:02.0465 2624 System windows directory: C:\Windows 10:07:02.0465 2624 Running under WOW64 10:07:02.0465 2624 Processor architecture: Intel x64 10:07:02.0465 2624 Number of processors: 4 10:07:02.0465 2624 Page size: 0x1000 10:07:02.0465 2624 Boot type: Normal boot 10:07:02.0465 2624 ============================================================ 10:07:03.0405 2624 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:07:03.0415 2624 \Device\Harddisk0\DR0: 10:07:03.0425 2624 MBR used 10:07:03.0425 2624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 10:07:03.0425 2624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CC00000 10:07:03.0445 2624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CC33000, BlocksNum 0x2AD71000 10:07:03.0627 2624 Initialize success 10:07:03.0627 2624 ============================================================ 10:08:09.0212 4876 ============================================================ 10:08:09.0212 4876 Scan started 10:08:09.0212 4876 Mode: Manual; SigCheck; TDLFS; 10:08:09.0212 4876 ============================================================
(6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:08:33.0626 4876 usbccgp - ok 10:08:33.0673 4876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:08:33.0751 4876 usbcir - ok 10:08:33.0782 4876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 10:08:33.0813 4876 usbehci - ok 10:08:33.0860 4876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:08:33.0907 4876 usbhub - ok 10:08:33.0938 4876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 10:08:33.0969 4876 usbohci - ok 10:08:34.0000 4876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:08:34.0047 4876 usbprint - ok 10:08:34.0063 4876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 10:08:34.0094 4876 USBSTOR - ok 10:08:34.0125 4876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:08:34.0156 4876 usbuhci - ok 10:08:34.0219 4876 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 10:08:34.0265 4876 usbvideo - ok 10:08:34.0297 4876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:08:34.0328 4876 vdrvroot - ok 10:08:34.0375 4876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:08:34.0406 4876 vga - ok 10:08:34.0421 4876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:08:34.0515 4876 VgaSave - ok 10:08:34.0531 4876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:08:34.0562 4876 vhdmp - ok 10:08:34.0593 4876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:08:34.0609 4876 viaide - ok 10:08:34.0640 4876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:08:34.0655 4876 volmgr - ok 10:08:34.0702 4876 volmgrx 
(a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:08:34.0749 4876 volmgrx - ok 10:08:34.0780 4876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:08:34.0811 4876 volsnap - ok 10:08:34.0858 4876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:08:34.0889 4876 vsmraid - ok 10:08:34.0936 4876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 10:08:34.0967 4876 vwifibus - ok 10:08:35.0014 4876 vwififlt (13a0decd1794de60a8427862c8669d27) C:\Windows\system32\DRIVERS\vwififlt.sys 10:08:35.0061 4876 vwififlt - ok 10:08:35.0077 4876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:08:35.0123 4876 WacomPen - ok 10:08:35.0155 4876 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:08:35.0264 4876 WANARP - ok 10:08:35.0264 4876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:08:35.0342 4876 Wanarpv6 - ok 10:08:35.0404 4876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:08:35.0435 4876 Wd - ok 10:08:35.0467 4876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:08:35.0513 4876 Wdf01000 - ok 10:08:35.0576 4876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:08:35.0654 4876 WfpLwf - ok 10:08:35.0669 4876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:08:35.0701 4876 WIMMount - ok 10:08:35.0794 4876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:08:35.0825 4876 WmiAcpi - ok 10:08:35.0872 4876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:08:35.0950 4876 ws2ifsl - ok 10:08:35.0981 4876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:08:36.0075 4876 WudfPf - ok 10:08:36.0122 4876 
WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:08:36.0215 4876 WUDFRd - ok 10:08:36.0262 4876 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 10:08:36.0683 4876 \Device\Harddisk0\DR0 - ok 10:08:36.0699 4876 Boot (0x1200) (a71f9d4598d239d26ca108ec7b2813b3) \Device\Harddisk0\DR0\Partition0 10:08:36.0699 4876 \Device\Harddisk0\DR0\Partition0 - ok 10:08:36.0730 4876 Boot (0x1200) (91d1f98eb7ad2d47b9092638b4221da1) \Device\Harddisk0\DR0\Partition1 10:08:36.0730 4876 \Device\Harddisk0\DR0\Partition1 - ok 10:08:36.0761 4876 Boot (0x1200) (23e567bbcdd1ad8f008fa1f4cb3f023a) \Device\Harddisk0\DR0\Partition2 10:08:36.0761 4876 \Device\Harddisk0\DR0\Partition2 - ok 10:08:36.0761 4876 ============================================================ 10:08:36.0761 4876 Scan finished 10:08:36.0761 4876 ============================================================ 10:08:36.0793 4668 Detected object count: 0 10:08:36.0793 4668 Actual detected object count: 0 |
06.02.2012, 10:15 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Always post logfiles in CODE tags |
06.02.2012, 10:19 | #26 |
| Good morning Arene, I can access Documents, Desktop and the Start menu without any problems! Regards |
06.02.2012, 10:46 | #27 |
| Combofix Logfile: Code:
ATTFilter ComboFix 12-02-05.02 - Dili 06.02.2012 10:27:44.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6124.4653 [GMT 1:00] ausgeführt von:: c:\users\****\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-06 bis 2012-02-06 )))))))))))))))))))))))))))))) . . 2012-02-06 09:37 . 2012-02-06 09:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-05 22:57 . 2012-02-05 22:57 -------- d-----w- c:\windows\system32\%LOCALAPPDATA% 2012-02-05 22:51 . 2012-02-05 22:51 -------- d-----w- C:\_OTL 2012-02-05 19:17 . 2012-02-05 19:17 -------- d-----w- c:\program files (x86)\ESET 2012-02-05 18:58 . 2012-02-05 18:58 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes 2012-02-05 18:58 . 2012-02-05 18:58 -------- d-----w- c:\programdata\Malwarebytes 2012-02-05 18:58 . 2012-02-05 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-02-05 18:58 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-05 09:53 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-02-05 09:53 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-02-05 09:53 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-02-05 09:53 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-02-05 09:53 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-02-05 09:52 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe 2012-02-05 09:52 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-02-05 09:52 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2012-02-05 09:52 . 
2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-02-05 09:52 . 2012-02-05 09:52 -------- d-----w- c:\programdata\AVAST Software 2012-02-05 09:52 . 2012-02-05 09:52 -------- d-----w- c:\program files\AVAST Software 2012-02-04 23:09 . 2012-02-04 23:09 -------- d-----w- c:\users\****\AppData\Local\ElevatedDiagnostics 2012-02-03 08:31 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8360838-2F36-4AFF-B592-ED7CCC89B2A5}\mpengine.dll 2012-01-31 11:21 . 2012-01-31 11:21 -------- d-----w- c:\windows\system32\SPReview 2012-01-31 11:07 . 2012-01-31 11:07 -------- d-----w- c:\windows\system32\EventProviders 2012-01-11 19:27 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 19:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 19:27 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 19:27 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 19:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 19:27 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 19:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 19:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-31 11:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-01-31 11:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-01-26 23:52 . 2011-09-28 11:04 279656 ------w- c:\windows\system32\MpSigStub.exe 2011-11-24 04:52 . 2011-12-15 06:38 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-16 11:59 . 2011-11-16 11:59 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-11-16 11:59 . 2011-11-16 11:59 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-11-16 11:59 . 
2011-11-16 11:59 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-11-16 11:59 . 2011-11-16 11:59 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-11-16 11:59 . 2011-11-16 11:59 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-11-16 11:59 . 2011-11-16 11:59 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-11-16 11:59 . 2011-11-16 11:59 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-11-16 11:59 . 2011-11-16 11:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-11-16 11:59 . 2011-11-16 11:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-11-16 11:59 . 2011-11-16 11:59 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-11-16 11:59 . 2011-11-16 11:59 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-11-16 11:59 . 2011-11-16 11:59 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-11-16 11:59 . 2011-11-16 11:59 222208 ----a-w- c:\windows\system32\msls31.dll 2011-11-16 11:59 . 2011-11-16 11:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-11-16 11:59 . 2011-11-16 11:59 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-11-16 11:59 . 2011-11-16 11:59 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-11-16 11:59 . 2011-11-16 11:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-11-16 11:59 . 2011-11-16 11:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-11-16 11:59 . 2011-11-16 11:59 12288 ----a-w- c:\windows\system32\mshta.exe 2011-11-16 11:59 . 2011-11-16 11:59 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-11-16 11:59 . 2011-11-16 11:59 114176 ----a-w- c:\windows\system32\admparse.dll 2011-11-16 11:59 . 2011-11-16 11:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-11-16 11:59 . 2011-11-16 11:59 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-11-16 11:59 . 2011-11-16 11:59 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-11-16 11:59 . 2011-11-16 11:59 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-11-16 11:59 . 
2011-11-16 11:59 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-11-16 11:59 . 2011-11-16 11:59 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-11-16 11:59 . 2011-11-16 11:59 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-11-16 11:59 . 2011-11-16 11:59 448512 ----a-w- c:\windows\system32\html.iec 2011-11-16 11:59 . 2011-11-16 11:59 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-16 11:59 . 2011-11-16 11:59 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-11-16 11:59 . 2011-11-16 11:59 160256 ----a-w- c:\windows\system32\wextract.exe 2011-11-16 11:59 . 2011-11-16 11:59 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-11-16 11:59 . 2011-11-16 11:59 111616 ----a-w- c:\windows\system32\iesysprep.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 136176] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel(R) Management and Security 
Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 69174414 *Deregistered* - 69174414 . Inhalt des "geplante Tasks" Ordners . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 10:25] . 2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 10:25] . 2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000Core.job - c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 08:35] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336442205-827502387-1674173946-1000UA.job - c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 08:35] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mStart Page = mLocal Page = uInternet Settings,ProxyOverride = <local> IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-02-06 10:41:52 ComboFix-quarantined-files.txt 2012-02-06 09:41 . Vor Suchlauf: 8 Verzeichnis(se), 199.597.563.904 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 199.219.150.848 Bytes frei . - - End Of File - - 261C7AFC9799835725DECA25B3CA2D81 |
06.02.2012, 10:49 | #28 |
| I was not asked about updates or restores... Should I now uninstall ComboFix as described in the tutorial? |
06.02.2012, 11:40 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop.
__________________ Always post logfiles in CODE tags |
06.02.2012, 11:55 | #30 |
| Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 11:47:35
-----------------------------
11:47:35.146 OS Version: Windows x64 6.1.7601 Service Pack 1
11:47:35.146 Number of processors: 4 586 0x2A07
11:47:35.146 ComputerName: ****-PC UserName: ****
11:47:35.973 Initialize success
11:47:36.098 AVAST engine defs: 12020503
11:47:49.436 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:47:49.436 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
11:47:49.483 Disk 0 MBR read successfully
11:47:49.483 Disk 0 MBR scan
11:47:49.498 Disk 0 unknown MBR code
11:47:49.514 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:47:49.529 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 235520 MB offset 206848
11:47:49.545 Disk 0 Partition - 00 0F Extended LBA 350947 MB offset 482551808
11:47:49.576 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23907 MB offset 1201291264
11:47:49.607 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 350946 MB offset 482553856
11:47:49.623 Service scanning
11:47:51.089 Modules scanning
11:47:51.089 Disk 0 trace - called modules:
11:47:51.620
11:47:52.275 AVAST engine scan C:\Windows
11:47:55.223 AVAST engine scan C:\Windows\system32
11:50:09.399 AVAST engine scan C:\Windows\system32\drivers
11:50:19.976 AVAST engine scan C:\Users\****
11:51:32.875 AVAST engine scan C:\ProgramData
11:53:14.909 Scan finished successfully
11:54:15.623 Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
11:54:15.639 The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt" |