Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Achtung! Ihr Computer wurde gesperrt!

Achtung! Ihr Computer wurde gesperrt!


Plagegeister aller Art und deren Bekämpfung: Achtung! Ihr Computer wurde gesperrt!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 11.02.2012, 17:19   #1
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Guten Tag zusammen,

gestern Abend beim Surfen öffnete sich ein "Wondows Security Center"-Fenster, mit dem Windows-XP Sytle und dem Inhalt:

Achtung! Ihr computer wurde gesperrt!!!
Bei der Überprüfung der Echtheit von Windows wurde festgestellt, dass auf ihrem PC nicht lizensierte software installiert wurde! Die Microsoft Corporation verbietet es ausdrücklich, unlizenzierte Software zu benutzen!

Darüber hinaus eine Aufforderung 100€ zu zahlen und so weiter.

Ich habe nichts heruntergeladen geschweige denn geöffnet, sondern habe einfach nur Seiten durchstöbert, als sich das Fenster plötzlich öffnete. Besagtes Fenster ließ sich nicht mehr schließen, Task-Manager und sonstige versuche brachten ebenfalls nichts. Neustart des Rechners führte zu keinem Erfolg. Nach einem Start im Abgesicherten Modus konnte ich eine Systemwiederherstellung durchführen, ca. 7 Tage "zurück".

Seit dem treten keine Probleme mehr auf, F-Secure Internet Security (gekaufte Vollversion natürlich) hat nach 2 Scans nicht gefunden. Malwarebytes läuft gerade durch und hat bisher 1 infiziertes Objekt gefunden.

Gibt es sonst etwas was ich beachten/tun/unterlassen sollte oder habt ihr sonst Tipps für mich? Das ist das erste mal, dass ich mit solchen Computerschädlingen Probleme habe, also entschuldigt bitte meine Unwissenheit.

Vielen Dank im Vorraus!

Alt 12.02.2012, 15:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Zitat:
Malwarebytes läuft gerade durch und hat bisher 1 infiziertes Objekt gefunden.
Bitte alle Logs davon posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Alt 12.02.2012, 15:39   #3
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Code:
ATTFilter
 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
SiGma :: SIGMA-PC [Administrator]

11.02.2012 17:04:30
mbam-log-2012-02-11 (17-04-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325644
Laufzeit: 34 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\SiGma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\50d2fa1d-3815b704 (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________
Alt 12.02.2012, 15:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 15:43   #5
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Ich habe in der Vergangenheit nie mit Malwarebytes gearbeitet. Dies ist der einzige Log, der vorhanden ist.


Alt 12.02.2012, 15:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Achtung! Ihr Computer wurde gesperrt!

Alt 12.02.2012, 16:41   #7
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2ff0c9ae0e36614b9210c0c4c1ba6b02
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 03:38:12
# local_time=2012-02-12 04:38:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 61071 80688418 0 0
# compatibility_mode=8192 67108863 100 0 3853 3853 0 0
# scanned=141677
# found=0
# cleaned=0
# scan_time=2524

Alt 12.02.2012, 18:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Geht der normale Modus von Windows wieder ohne Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 18:39   #9
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Ja ich bin schon die ganze Zeit seit der Systemwiederherstellung wieder im normalen Modus unterwegs.

Alt 12.02.2012, 19:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 19:13   #11
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Code:
ATTFilter
OTL logfile created on: 12.02.2012 19:04:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\SiGma\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,20% Memory free
15,97 Gb Paging File | 14,24 Gb Available in Paging File | 89,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 261,11 Gb Free Space | 56,06% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SIGMA-PC | User Name: SiGma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.12 19:02:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\SiGma\Downloads\OTL.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 10:12:35 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.12 17:51:24 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
PRC - [2011.09.12 17:50:13 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
PRC - [2011.09.12 17:50:13 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
PRC - [2011.09.12 17:47:03 | 000,221,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2011.09.12 17:47:02 | 000,201,384 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
PRC - [2011.09.12 17:47:02 | 000,189,096 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
PRC - [2011.09.12 17:47:01 | 000,090,792 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.05 02:13:34 | 001,576,960 | ---- | M] (Edimax Technology Co.) -- C:\Program Files (x86)\Edimax\Common\RaUI.exe
PRC - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.12 17:47:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\strres.eng
MOD - [2011.09.12 17:47:09 | 000,553,640 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\gres.dll
MOD - [2011.09.12 17:47:09 | 000,443,048 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\about.dll
MOD - [2011.09.12 17:47:09 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\flyerres.eng
MOD - [2011.09.12 17:47:09 | 000,090,792 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\aboutres.dll
MOD - [2011.09.12 17:47:09 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\fsavures.eng
MOD - [2011.09.12 17:47:05 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSPC\fspcfsm.eng
MOD - [2009.08.13 17:42:52 | 000,860,160 | ---- | M] () -- C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.11 12:03:38 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.09.14 05:43:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.09.12 17:51:24 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011.09.12 17:47:08 | 000,849,576 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011.09.12 17:47:03 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011.09.12 17:47:02 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009.07.14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.31 11:27:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.01.31 11:27:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.12 17:47:13 | 000,046,664 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011.09.12 17:47:08 | 000,095,784 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.31 14:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.01.06 16:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.10.16 05:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.08.04 17:49:28 | 000,718,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011.09.12 17:50:23 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011.09.12 17:47:15 | 000,061,960 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2011.09.12 17:47:03 | 000,015,016 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 3B D7 B3 16 B7 CC 01  [binary data]
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "sueddeutsche.de"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SiGma\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SiGma\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2011.12.08 06:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.11 12:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.11 19:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.12 18:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.02.11 19:15:58 | 000,000,000 | ---D | M]
 
[2011.09.12 17:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiGma\AppData\Roaming\mozilla\Extensions
[2012.01.08 20:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiGma\AppData\Roaming\mozilla\Firefox\Profiles\ii59lvxu.default\extensions
[2011.11.23 15:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\SIGMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\II59LVXU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.11 12:57:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.11 12:57:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 12:57:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.11 12:57:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 12:57:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 12:57:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 12:57:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SiGma\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SiGma\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SiGma\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Users\SiGma\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.51_0\
CHR - Extension: YouTube = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AdBlock = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.16_0\
CHR - Extension: Google Mail = C:\Users\SiGma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-881844636-3690679404-3379734961-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-881844636-3690679404-3379734961-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0402C549-36D4-4D3A-A513-B2AF747BAE54}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BFB47BA-DCF9-46E5-9570-ADFE3018BBB5}: NameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9066A0-FA22-437C-A790-0C9E4507B9DB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F40AFE4-772C-4CB2-8712-8E6FF71E9F26}: DhcpNameServer = 213.191.92.86 62.109.123.7 62.109.123.6 213.191.92.87
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6191b483-22d3-11e1-8248-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6191b483-22d3-11e1-8248-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CDSETUP.EXE
O33 - MountPoints2\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^SiGma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\PROGRA~2\MAGICD~1\MAGICD~1.EXE - (MagicISO, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 15:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.11 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.02.11 19:16:48 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Local\Google
[2012.02.11 19:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.02.11 19:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.02.11 19:12:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.02.11 19:10:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.11 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Roaming\Malwarebytes
[2012.02.11 17:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.11 17:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.11 17:03:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.11 17:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.10 19:43:08 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Local\DDMSettings
[2012.02.10 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Roaming\DivX
[2012.02.10 19:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.02.10 19:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.02.10 19:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.02.04 19:24:37 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.02.04 17:31:26 | 000,000,000 | ---D | C] -- C:\Users\SiGma\Documents\Codemasters
[2012.02.04 17:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2012.01.31 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Roaming\XRay Engine
[2012.01.31 11:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012.01.31 11:11:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2012.01.31 11:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2012.01.30 09:29:14 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Roaming\Mp3tag
[2012.01.30 09:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2012.01.28 10:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2012.01.18 17:00:07 | 000,000,000 | ---D | C] -- C:\Users\SiGma\AppData\Roaming\F-Secure
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 18:21:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-881844636-3690679404-3379734961-1000UA.job
[2012.02.12 15:38:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 15:38:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 15:32:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 15:32:50 | 2134,204,415 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.11 19:21:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-881844636-3690679404-3379734961-1000Core.job
[2012.02.11 19:18:36 | 000,002,312 | ---- | M] () -- C:\Users\SiGma\Desktop\Google Chrome.lnk
[2012.02.11 17:03:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.11 12:34:41 | 000,000,219 | ---- | M] () -- C:\Users\SiGma\Desktop\Counter-Strike Source.url
[2012.02.10 13:08:22 | 000,026,741 | ---- | M] () -- C:\Users\SiGma\Desktop\Probeklausur.odt
[2012.02.05 20:48:44 | 000,328,086 | ---- | M] () -- C:\Users\SiGma\Desktop\Misa.jpg
[2012.02.02 07:49:49 | 001,520,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.02 07:49:49 | 000,661,056 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.02 07:49:49 | 000,622,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.02 07:49:49 | 000,133,044 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.02 07:49:49 | 000,109,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.31 11:27:37 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.01.31 11:27:37 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.01.31 11:12:58 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012.01.30 09:28:51 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.01.25 21:39:41 | 000,953,429 | ---- | M] () -- C:\Users\SiGma\Desktop\Sanduhr.png
[2012.01.17 23:54:44 | 000,012,544 | ---- | M] () -- C:\Users\SiGma\Desktop\Facharbeit.odt
[2012.01.15 20:24:12 | 000,020,108 | ---- | M] () -- C:\Users\SiGma\Desktop\U1.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 19:18:36 | 000,002,312 | ---- | C] () -- C:\Users\SiGma\Desktop\Google Chrome.lnk
[2012.02.11 19:16:49 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-881844636-3690679404-3379734961-1000UA.job
[2012.02.11 19:16:48 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-881844636-3690679404-3379734961-1000Core.job
[2012.02.11 19:15:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.11 17:03:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.11 12:34:41 | 000,000,219 | ---- | C] () -- C:\Users\SiGma\Desktop\Counter-Strike Source.url
[2012.02.10 13:08:20 | 000,026,741 | ---- | C] () -- C:\Users\SiGma\Desktop\Probeklausur.odt
[2012.02.05 20:48:42 | 000,328,086 | ---- | C] () -- C:\Users\SiGma\Desktop\Misa.jpg
[2012.01.31 11:27:37 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.01.31 11:27:37 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.01.31 11:12:58 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Clear Sky.lnk
[2012.01.30 09:28:51 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.01.25 21:39:39 | 000,953,429 | ---- | C] () -- C:\Users\SiGma\Desktop\Sanduhr.png
[2012.01.17 23:54:42 | 000,012,544 | ---- | C] () -- C:\Users\SiGma\Desktop\Facharbeit.odt
[2011.12.17 21:10:04 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.12.11 19:58:43 | 000,007,605 | ---- | C] () -- C:\Users\SiGma\AppData\Local\Resmon.ResmonCfg
[2011.12.10 17:54:14 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.12.10 03:47:11 | 000,000,003 | ---- | C] () -- C:\Users\SiGma\AppData\Local\user_data.ini
[2011.12.10 03:40:17 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.10 03:40:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.21 17:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.13 20:55:11 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.09.13 20:55:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.12 17:47:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011.09.12 17:47:27 | 001,516,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.12 17:18:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.11.13 05:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007.12.04 04:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.06.07 04:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
 
========== LOP Check ==========
 
[2011.09.12 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Auslogics
[2011.12.10 09:39:57 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DeviceVm
[2012.01.07 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DVDVideoSoft
[2012.01.07 23:44:51 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.18 17:00:07 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\F-Secure
[2012.02.11 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\foobar2000
[2012.01.30 09:33:25 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Mp3tag
[2011.10.10 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\OpenOffice.org
[2012.02.10 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Rift
[2011.11.03 11:56:22 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\The Creative Assembly
[2011.09.12 18:04:27 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Thunderbird
[2012.02.10 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\TS3Client
[2012.01.31 11:29:45 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\XRay Engine
[2012.01.06 11:34:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.09 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Adobe
[2011.09.12 18:35:46 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\ATI
[2011.09.12 20:42:35 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Auslogics
[2011.12.10 09:39:57 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DeviceVm
[2012.02.10 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DivX
[2012.01.07 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DVDVideoSoft
[2012.01.07 23:44:51 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.18 17:00:07 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\F-Secure
[2012.02.11 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\foobar2000
[2011.09.12 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Identities
[2012.02.04 17:25:48 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\InstallShield
[2011.09.12 19:46:30 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Macromedia
[2012.02.11 17:03:27 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Media Center Programs
[2011.12.09 11:28:26 | 000,000,000 | --SD | M] -- C:\Users\SiGma\AppData\Roaming\Microsoft
[2011.09.12 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Mozilla
[2012.01.30 09:33:25 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Mp3tag
[2011.10.10 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\OpenOffice.org
[2012.02.10 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Rift
[2012.02.11 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Skype
[2011.11.03 11:56:22 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\The Creative Assembly
[2011.09.12 18:04:27 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\Thunderbird
[2012.02.10 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\TS3Client
[2011.10.20 09:39:16 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\WinRAR
[2012.01.31 11:29:45 | 000,000,000 | ---D | M] -- C:\Users\SiGma\AppData\Roaming\XRay Engine
 
< %APPDATA%\*.exe /s >
[2011.11.04 11:57:14 | 000,106,838 | R--- | M] () -- C:\Users\SiGma\AppData\Roaming\Microsoft\Installer\{87464284-11C8-4F83-88EC-E8013320B789}\_A4BC2B725F1C6B10F2C6D9.exe
[2011.12.05 18:31:52 | 000,010,134 | R--- | M] () -- C:\Users\SiGma\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 12.02.2012 19:04:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\SiGma\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,20% Memory free
15,97 Gb Paging File | 14,24 Gb Available in Paging File | 89,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 261,11 Gb Free Space | 56,06% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SIGMA-PC | User Name: SiGma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Edimax Wireless LAN Card
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Age of Conan_is1" = Age of Conan: Unchained
"AudioCS" = Creative Audio-Systemsteuerung
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.1.7
"F-Secure Product 444" = F-Secure Internet Security 2011
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Mp3tag" = Mp3tag v2.49b
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 240" = Counter-Strike: Source
"Steam App 32800" = The Lord of the Rings: War in the North
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Vindictus EU" = Vindictus EU
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.02.2012 17:13:02 | Computer Name = SiGma-PC | Source = Application Hang | ID = 1002
Description = Programm launcher.exe, Version 3.1.9.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: fb0    Startzeit: 
01cce6a665c6e649    Endzeit: 2    Anwendungspfad: C:\Program Files (x86)\Electronic Arts\BioWare\Star
 Wars - The Old Republic\launcher.exe    Berichts-ID: acfc2230-5299-11e1-a9a5-50e549357cc4

 
Error - 10.02.2012 15:08:25 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 10.02.2012 15:08:25 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 10.02.2012 15:08:25 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 10.02.2012 15:08:25 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 10.02.2012 15:08:26 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 10.02.2012 15:08:26 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 10.02.2012 15:08:26 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 10.02.2012 15:08:26 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 10.02.2012 15:08:26 | Computer Name = SiGma-PC | Source = Windows Search Service | ID = 7042
Description = 
 
[ System Events ]
Error - 24.12.2011 12:20:46 | Computer Name = SiGma-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.12.2011 06:11:01 | Computer Name = SiGma-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 06.01.2012 12:29:12 | Computer Name = SiGma-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 08.01.2012 15:46:05 | Computer Name = SiGma-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 08.01.2012 15:46:05 | Computer Name = SiGma-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 10.01.2012 06:33:16 | Computer Name = SiGma-PC | Source = WMPNetworkSvc | ID = 866291
Description = 
 
Error - 10.01.2012 06:33:16 | Computer Name = SiGma-PC | Source = WMPNetworkSvc | ID = 866291
Description = 
 
Error - 10.01.2012 06:33:16 | Computer Name = SiGma-PC | Source = WMPNetworkSvc | ID = 866324
Description = 
 
Error - 10.01.2012 06:33:16 | Computer Name = SiGma-PC | Source = WMPNetworkSvc | ID = 866291
Description = 
 
Error - 10.01.2012 06:33:16 | Computer Name = SiGma-PC | Source = WMPNetworkSvc | ID = 866316
Description = 
 
 
< End of report >

Alt 12.02.2012, 19:53   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 3B D7 B3 16 B7 CC 01  [binary data]
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-881844636-3690679404-3379734961-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6191b483-22d3-11e1-8248-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6191b483-22d3-11e1-8248-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CDSETUP.EXE
O33 - MountPoints2\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoStarter.exe
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 20:05   #13
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-881844636-3690679404-3379734961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-881844636-3690679404-3379734961-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6191b483-22d3-11e1-8248-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6191b483-22d3-11e1-8248-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6191b483-22d3-11e1-8248-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6191b483-22d3-11e1-8248-806e6f6e6963}\ not found.
File D:\CDSETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9ea6c33-28e9-11e1-b7a8-806e6f6e6963}\ not found.
File D:\AutoStarter.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: SiGma
->Temp folder emptied: 6745500 bytes
->Temporary Internet Files folder emptied: 1915723 bytes
->Java cache emptied: 5963272 bytes
->FireFox cache emptied: 89630737 bytes
->Google Chrome cache emptied: 345360476 bytes
->Flash cache emptied: 2313 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5369052 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 434,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_200100

Files\Folders moved on Reboot...
C:\Users\SiGma\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 12.02.2012, 20:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 20:51   #15
sky9
 
Achtung! Ihr Computer wurde gesperrt! - Standard

Achtung! Ihr Computer wurde gesperrt!


Code:
ATTFilter
20:49:37.0215 4840	TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
20:49:37.0464 4840	============================================================
20:49:37.0464 4840	Current date / time: 2012/02/12 20:49:37.0464
20:49:37.0464 4840	SystemInfo:
20:49:37.0464 4840	
20:49:37.0464 4840	OS Version: 6.1.7601 ServicePack: 1.0
20:49:37.0464 4840	Product type: Workstation
20:49:37.0464 4840	ComputerName: SIGMA-PC
20:49:37.0464 4840	UserName: SiGma
20:49:37.0464 4840	Windows directory: C:\Windows
20:49:37.0464 4840	System windows directory: C:\Windows
20:49:37.0464 4840	Running under WOW64
20:49:37.0464 4840	Processor architecture: Intel x64
20:49:37.0464 4840	Number of processors: 4
20:49:37.0464 4840	Page size: 0x1000
20:49:37.0464 4840	Boot type: Normal boot
20:49:37.0464 4840	============================================================
20:49:38.0478 4840	Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:38.0478 4840	\Device\Harddisk0\DR0:
20:49:38.0478 4840	MBR used
20:49:38.0478 4840	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
20:49:38.0510 4840	Initialize success
20:49:38.0510 4840	============================================================
20:49:49.0055 4676	============================================================
20:49:49.0055 4676	Scan started
20:49:49.0055 4676	Mode: Manual; SigCheck; TDLFS; 
20:49:49.0055 4676	============================================================
20:49:49.0835 4676	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:49:49.0991 4676	1394ohci - ok
20:49:50.0085 4676	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:49:50.0116 4676	ACPI - ok
20:49:50.0288 4676	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:49:50.0366 4676	AcpiPmi - ok
20:49:50.0475 4676	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:49:50.0646 4676	adp94xx - ok
20:49:50.0834 4676	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:49:50.0865 4676	adpahci - ok
20:49:50.0958 4676	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:49:51.0005 4676	adpu320 - ok
20:49:51.0114 4676	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:49:51.0302 4676	AFD - ok
20:49:51.0458 4676	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:49:51.0489 4676	agp440 - ok
20:49:51.0504 4676	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:49:51.0520 4676	aliide - ok
20:49:51.0551 4676	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:49:51.0567 4676	amdide - ok
20:49:51.0629 4676	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:49:51.0692 4676	AmdK8 - ok
20:49:52.0019 4676	amdkmdag        (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
20:49:52.0409 4676	amdkmdag - ok
20:49:52.0596 4676	amdkmdap        (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
20:49:52.0784 4676	amdkmdap - ok
20:49:52.0908 4676	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:49:52.0955 4676	AmdPPM - ok
20:49:53.0127 4676	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:49:53.0158 4676	amdsata - ok
20:49:53.0174 4676	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:49:53.0189 4676	amdsbs - ok
20:49:53.0205 4676	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:49:53.0236 4676	amdxata - ok
20:49:53.0298 4676	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:49:53.0423 4676	AppID - ok
20:49:53.0595 4676	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:49:53.0689 4676	arc - ok
20:49:53.0720 4676	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:49:53.0860 4676	arcsas - ok
20:49:53.0923 4676	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:49:54.0157 4676	AsyncMac - ok
20:49:54.0344 4676	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:49:54.0344 4676	atapi - ok
20:49:54.0406 4676	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
20:49:54.0422 4676	AtiHDAudioService - ok
20:49:54.0640 4676	atikmdag        (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
20:49:54.0859 4676	atikmdag - ok
20:49:55.0077 4676	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
20:49:55.0202 4676	atksgt - ok
20:49:55.0311 4676	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:49:55.0576 4676	b06bdrv - ok
20:49:55.0857 4676	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:49:55.0904 4676	b57nd60a - ok
20:49:55.0951 4676	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:49:55.0997 4676	Beep - ok
20:49:56.0091 4676	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:49:56.0122 4676	blbdrive - ok
20:49:56.0231 4676	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:49:56.0341 4676	bowser - ok
20:49:56.0481 4676	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:49:56.0543 4676	BrFiltLo - ok
20:49:56.0606 4676	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:49:56.0621 4676	BrFiltUp - ok
20:49:56.0637 4676	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:49:56.0731 4676	Brserid - ok
20:49:56.0824 4676	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:49:56.0871 4676	BrSerWdm - ok
20:49:56.0949 4676	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:49:56.0980 4676	BrUsbMdm - ok
20:49:57.0011 4676	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:49:57.0043 4676	BrUsbSer - ok
20:49:57.0058 4676	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:49:57.0105 4676	BTHMODEM - ok
20:49:57.0136 4676	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:49:57.0230 4676	cdfs - ok
20:49:57.0433 4676	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:49:57.0573 4676	cdrom - ok
20:49:57.0682 4676	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:49:57.0729 4676	circlass - ok
20:49:57.0885 4676	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:49:57.0979 4676	CLFS - ok
20:49:58.0119 4676	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:49:58.0150 4676	CmBatt - ok
20:49:58.0259 4676	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:49:58.0275 4676	cmdide - ok
20:49:58.0322 4676	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:49:58.0431 4676	CNG - ok
20:49:58.0540 4676	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:49:58.0649 4676	Compbatt - ok
20:49:58.0805 4676	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:49:58.0852 4676	CompositeBus - ok
20:49:58.0915 4676	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:49:58.0977 4676	crcdisk - ok
20:49:59.0195 4676	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:49:59.0476 4676	CSC - ok
20:49:59.0726 4676	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:49:59.0851 4676	DfsC - ok
20:49:59.0975 4676	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:50:00.0022 4676	discache - ok
20:50:00.0209 4676	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:50:00.0225 4676	Disk - ok
20:50:00.0287 4676	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:50:00.0334 4676	drmkaud - ok
20:50:00.0397 4676	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:50:00.0459 4676	DXGKrnl - ok
20:50:00.0599 4676	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:50:00.0646 4676	E1G60 - ok
20:50:00.0709 4676	EagleX64 - ok
20:50:00.0771 4676	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:50:00.0896 4676	ebdrv - ok
20:50:01.0099 4676	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:50:01.0255 4676	elxstor - ok
20:50:01.0317 4676	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:50:01.0364 4676	ErrDev - ok
20:50:01.0520 4676	EtronHub3 - ok
20:50:01.0535 4676	EtronXHCI - ok
20:50:01.0598 4676	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:50:01.0645 4676	exfat - ok
20:50:01.0801 4676	F-Secure Gatekeeper (c898cf54315e594c33f915b053e2ec2b) C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys
20:50:01.0894 4676	F-Secure Gatekeeper - ok
20:50:01.0988 4676	F-Secure HIPS   (1c8ab0d7d5451c58962940539f913473) C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys
20:50:02.0003 4676	F-Secure HIPS - ok
20:50:02.0144 4676	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:50:02.0284 4676	fastfat - ok
20:50:02.0393 4676	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:50:02.0409 4676	fdc - ok
20:50:02.0440 4676	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:50:02.0534 4676	FileInfo - ok
20:50:02.0659 4676	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:50:02.0721 4676	Filetrace - ok
20:50:02.0721 4676	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:50:02.0737 4676	flpydisk - ok
20:50:02.0799 4676	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:50:02.0815 4676	FltMgr - ok
20:50:02.0861 4676	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:50:02.0877 4676	FsDepends - ok
20:50:02.0939 4676	FSES            (81491719ad2f5bb3563334f87c82f734) C:\Windows\system32\drivers\fses.sys
20:50:02.0955 4676	FSES - ok
20:50:02.0955 4676	FSFW            (b5b3d6eb4f40abfc4f28be0e5b5538e5) C:\Windows\system32\drivers\fsdfw.sys
20:50:02.0986 4676	FSFW - ok
20:50:03.0142 4676	fsvista         (8a920e6cff3163c843c06e14cf787bd8) C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys
20:50:03.0158 4676	fsvista - ok
20:50:03.0298 4676	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:50:03.0314 4676	Fs_Rec - ok
20:50:03.0376 4676	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:50:03.0470 4676	fvevol - ok
20:50:03.0517 4676	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:50:03.0548 4676	gagp30kx - ok
20:50:03.0610 4676	gdrv - ok
20:50:03.0704 4676	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:50:03.0766 4676	hcw85cir - ok
20:50:03.0829 4676	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:50:03.0953 4676	HdAudAddService - ok
20:50:04.0141 4676	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:50:04.0265 4676	HDAudBus - ok
20:50:04.0328 4676	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:50:04.0359 4676	HidBatt - ok
20:50:04.0390 4676	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:50:04.0515 4676	HidBth - ok
20:50:04.0702 4676	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:50:04.0733 4676	HidIr - ok
20:50:04.0827 4676	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:50:04.0858 4676	HidUsb - ok
20:50:04.0921 4676	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:50:04.0936 4676	HpSAMD - ok
20:50:05.0077 4676	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:50:05.0170 4676	HTTP - ok
20:50:05.0217 4676	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:50:05.0233 4676	hwpolicy - ok
20:50:05.0295 4676	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:50:05.0373 4676	i8042prt - ok
20:50:05.0591 4676	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:50:05.0685 4676	iaStorV - ok
20:50:05.0919 4676	igfx            (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:50:06.0278 4676	igfx - ok
20:50:06.0465 4676	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:50:06.0512 4676	iirsp - ok
20:50:06.0605 4676	IntcAzAudAddService (2cc2f7c5990bb76767038f4b16d17a56) C:\Windows\system32\drivers\RTKVHD64.sys
20:50:06.0715 4676	IntcAzAudAddService - ok
20:50:06.0886 4676	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:50:06.0902 4676	intelide - ok
20:50:06.0964 4676	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:50:07.0011 4676	intelppm - ok
20:50:07.0058 4676	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:50:07.0183 4676	IpFilterDriver - ok
20:50:07.0417 4676	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:50:07.0432 4676	IPMIDRV - ok
20:50:07.0495 4676	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:50:07.0557 4676	IPNAT - ok
20:50:07.0588 4676	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:50:07.0635 4676	IRENUM - ok
20:50:07.0744 4676	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:50:07.0760 4676	isapnp - ok
20:50:07.0853 4676	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:50:07.0869 4676	iScsiPrt - ok
20:50:07.0900 4676	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:50:07.0916 4676	kbdclass - ok
20:50:07.0931 4676	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:50:07.0963 4676	kbdhid - ok
20:50:08.0025 4676	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:50:08.0119 4676	KSecDD - ok
20:50:08.0275 4676	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:50:08.0290 4676	KSecPkg - ok
20:50:08.0337 4676	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:50:08.0384 4676	ksthunk - ok
20:50:08.0493 4676	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
20:50:08.0509 4676	lirsgt - ok
20:50:08.0649 4676	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:50:08.0696 4676	lltdio - ok
20:50:08.0789 4676	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:50:08.0899 4676	LSI_FC - ok
20:50:09.0039 4676	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:50:09.0055 4676	LSI_SAS - ok
20:50:09.0117 4676	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:50:09.0133 4676	LSI_SAS2 - ok
20:50:09.0148 4676	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:50:09.0164 4676	LSI_SCSI - ok
20:50:09.0195 4676	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:50:09.0257 4676	luafv - ok
20:50:09.0320 4676	mcdbus          (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
20:50:09.0351 4676	mcdbus - ok
20:50:09.0491 4676	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:50:09.0507 4676	megasas - ok
20:50:09.0585 4676	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:50:09.0601 4676	MegaSR - ok
20:50:09.0632 4676	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:50:09.0647 4676	MEIx64 - ok
20:50:09.0694 4676	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:50:09.0757 4676	Modem - ok
20:50:09.0897 4676	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:50:09.0928 4676	monitor - ok
20:50:10.0006 4676	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:50:10.0022 4676	mouclass - ok
20:50:10.0069 4676	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:50:10.0115 4676	mouhid - ok
20:50:10.0271 4676	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:50:10.0287 4676	mountmgr - ok
20:50:10.0334 4676	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:50:10.0349 4676	mpio - ok
20:50:10.0381 4676	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:50:10.0427 4676	mpsdrv - ok
20:50:10.0490 4676	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:50:10.0599 4676	MRxDAV - ok
20:50:10.0755 4676	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:50:10.0817 4676	mrxsmb - ok
20:50:10.0833 4676	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:50:10.0927 4676	mrxsmb10 - ok
20:50:10.0958 4676	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:50:10.0973 4676	mrxsmb20 - ok
20:50:11.0020 4676	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:50:11.0036 4676	msahci - ok
20:50:11.0207 4676	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:50:11.0285 4676	msdsm - ok
20:50:11.0379 4676	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:50:11.0410 4676	Msfs - ok
20:50:11.0441 4676	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:50:11.0473 4676	mshidkmdf - ok
20:50:11.0535 4676	MSICDSetup - ok
20:50:11.0691 4676	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:50:11.0707 4676	msisadrv - ok
20:50:11.0769 4676	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:50:11.0816 4676	MSKSSRV - ok
20:50:11.0847 4676	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:50:11.0909 4676	MSPCLOCK - ok
20:50:11.0925 4676	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:50:11.0972 4676	MSPQM - ok
20:50:12.0050 4676	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:50:12.0097 4676	MsRPC - ok
20:50:12.0253 4676	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:50:12.0268 4676	mssmbios - ok
20:50:12.0331 4676	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:50:12.0393 4676	MSTEE - ok
20:50:12.0409 4676	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:50:12.0455 4676	MTConfig - ok
20:50:12.0471 4676	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:50:12.0502 4676	Mup - ok
20:50:12.0643 4676	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:50:12.0721 4676	NativeWifiP - ok
20:50:12.0814 4676	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:50:12.0955 4676	NDIS - ok
20:50:13.0142 4676	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:50:13.0189 4676	NdisCap - ok
20:50:13.0220 4676	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:50:13.0267 4676	NdisTapi - ok
20:50:13.0360 4676	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:50:13.0407 4676	Ndisuio - ok
20:50:13.0469 4676	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:50:13.0532 4676	NdisWan - ok
20:50:13.0703 4676	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:50:13.0750 4676	NDProxy - ok
20:50:13.0813 4676	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:50:13.0891 4676	NetBIOS - ok
20:50:13.0953 4676	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:50:13.0984 4676	NetBT - ok
20:50:14.0187 4676	netr28x         (6062a56212427045b03a81375a39b1a8) C:\Windows\system32\DRIVERS\netr28x.sys
20:50:14.0312 4676	netr28x - ok
20:50:14.0390 4676	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:50:14.0405 4676	nfrd960 - ok
20:50:14.0561 4676	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:50:14.0608 4676	Npfs - ok
20:50:14.0639 4676	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:50:14.0702 4676	nsiproxy - ok
20:50:14.0749 4676	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:50:14.0842 4676	Ntfs - ok
20:50:14.0998 4676	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:50:15.0061 4676	Null - ok
20:50:15.0154 4676	NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
20:50:15.0248 4676	NVHDA - ok
20:50:15.0560 4676	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:50:15.0841 4676	nvlddmkm - ok
20:50:16.0012 4676	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:50:16.0028 4676	nvraid - ok
20:50:16.0059 4676	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:50:16.0075 4676	nvstor - ok
20:50:16.0106 4676	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:50:16.0184 4676	nv_agp - ok
20:50:16.0246 4676	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:50:16.0277 4676	ohci1394 - ok
20:50:16.0465 4676	P17             (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys
20:50:16.0574 4676	P17 - ok
20:50:16.0667 4676	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:50:16.0683 4676	Parport - ok
20:50:16.0730 4676	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:50:16.0745 4676	partmgr - ok
20:50:16.0917 4676	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:50:17.0011 4676	pci - ok
20:50:17.0042 4676	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:50:17.0057 4676	pciide - ok
20:50:17.0104 4676	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:50:17.0198 4676	pcmcia - ok
20:50:17.0338 4676	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:50:17.0354 4676	pcw - ok
20:50:17.0416 4676	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:50:17.0697 4676	PEAUTH - ok
20:50:17.0931 4676	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:50:17.0978 4676	PptpMiniport - ok
20:50:18.0040 4676	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:50:18.0087 4676	Processor - ok
20:50:18.0149 4676	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:50:18.0212 4676	Psched - ok
20:50:18.0352 4676	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:50:18.0415 4676	ql2300 - ok
20:50:18.0461 4676	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:50:18.0477 4676	ql40xx - ok
20:50:18.0493 4676	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:50:18.0539 4676	QWAVEdrv - ok
20:50:18.0664 4676	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:50:18.0695 4676	RasAcd - ok
20:50:18.0758 4676	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:50:18.0805 4676	RasAgileVpn - ok
20:50:18.0851 4676	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:50:18.0914 4676	Rasl2tp - ok
20:50:18.0961 4676	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:50:19.0007 4676	RasPppoe - ok
20:50:19.0039 4676	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:50:19.0101 4676	RasSstp - ok
20:50:19.0273 4676	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:50:19.0304 4676	rdbss - ok
20:50:19.0319 4676	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:50:19.0366 4676	rdpbus - ok
20:50:19.0413 4676	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:50:19.0429 4676	RDPCDD - ok
20:50:19.0475 4676	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:50:19.0585 4676	RDPDR - ok
20:50:19.0756 4676	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:50:19.0803 4676	RDPENCDD - ok
20:50:19.0850 4676	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:50:19.0865 4676	RDPREFMP - ok
20:50:19.0928 4676	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:50:19.0990 4676	RdpVideoMiniport - ok
20:50:20.0037 4676	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:50:20.0084 4676	RDPWD - ok
20:50:20.0224 4676	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:50:20.0318 4676	rdyboost - ok
20:50:20.0411 4676	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:50:20.0458 4676	rspndr - ok
20:50:20.0505 4676	RTL8167         (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:50:20.0536 4676	RTL8167 - ok
20:50:20.0692 4676	RTL8192su       (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys
20:50:20.0755 4676	RTL8192su - ok
20:50:20.0848 4676	RzSynapse       (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
20:50:20.0973 4676	RzSynapse - ok
20:50:21.0129 4676	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:50:21.0176 4676	s3cap - ok
20:50:21.0223 4676	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:50:21.0238 4676	sbp2port - ok
20:50:21.0301 4676	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:50:21.0347 4676	scfilter - ok
20:50:21.0425 4676	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:50:21.0488 4676	secdrv - ok
20:50:21.0628 4676	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:50:21.0659 4676	Serenum - ok
20:50:21.0706 4676	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:50:21.0769 4676	Serial - ok
20:50:21.0831 4676	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:50:21.0878 4676	sermouse - ok
20:50:22.0018 4676	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:50:22.0081 4676	sffdisk - ok
20:50:22.0096 4676	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:50:22.0127 4676	sffp_mmc - ok
20:50:22.0159 4676	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:50:22.0174 4676	sffp_sd - ok
20:50:22.0221 4676	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:50:22.0237 4676	sfloppy - ok
20:50:22.0268 4676	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:50:22.0283 4676	SiSRaid2 - ok
20:50:22.0299 4676	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:50:22.0315 4676	SiSRaid4 - ok
20:50:22.0455 4676	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:50:22.0580 4676	Smb - ok
20:50:22.0689 4676	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:50:22.0705 4676	spldr - ok
20:50:22.0720 4676	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:50:22.0829 4676	srv - ok
20:50:22.0970 4676	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:50:23.0048 4676	srv2 - ok
20:50:23.0079 4676	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:50:23.0126 4676	srvnet - ok
20:50:23.0282 4676	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:50:23.0375 4676	stexstor - ok
20:50:23.0469 4676	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:50:23.0485 4676	storflt - ok
20:50:23.0500 4676	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:50:23.0516 4676	storvsc - ok
20:50:23.0563 4676	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:50:23.0578 4676	swenum - ok
20:50:23.0578 4676	Synth3dVsc - ok
20:50:23.0734 4676	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:50:23.0875 4676	Tcpip - ok
20:50:23.0999 4676	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:50:24.0140 4676	TCPIP6 - ok
20:50:24.0187 4676	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:50:24.0233 4676	tcpipreg - ok
20:50:24.0280 4676	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:50:24.0327 4676	TDPIPE - ok
20:50:24.0483 4676	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:50:24.0608 4676	TDTCP - ok
20:50:24.0717 4676	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:50:24.0748 4676	tdx - ok
20:50:24.0795 4676	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:50:24.0795 4676	TermDD - ok
20:50:24.0982 4676	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:50:25.0029 4676	tssecsrv - ok
20:50:25.0091 4676	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:50:25.0107 4676	TsUsbFlt - ok
20:50:25.0123 4676	tsusbhub - ok
20:50:25.0185 4676	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:50:25.0247 4676	tunnel - ok
20:50:25.0294 4676	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:50:25.0325 4676	uagp35 - ok
20:50:25.0481 4676	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:50:25.0544 4676	udfs - ok
20:50:25.0606 4676	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:50:25.0622 4676	uliagpkx - ok
20:50:25.0669 4676	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:50:25.0731 4676	umbus - ok
20:50:25.0762 4676	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:50:25.0793 4676	UmPass - ok
20:50:25.0949 4676	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:50:25.0981 4676	usbccgp - ok
20:50:26.0043 4676	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:50:26.0090 4676	usbcir - ok
20:50:26.0152 4676	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:50:26.0183 4676	usbehci - ok
20:50:26.0277 4676	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:50:26.0355 4676	usbhub - ok
20:50:26.0449 4676	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:50:26.0573 4676	usbohci - ok
20:50:26.0683 4676	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:50:26.0792 4676	usbprint - ok
20:50:26.0917 4676	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:50:26.0963 4676	usbscan - ok
20:50:27.0026 4676	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:50:27.0088 4676	USBSTOR - ok
20:50:27.0182 4676	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:50:27.0197 4676	usbuhci - ok
20:50:27.0291 4676	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:50:27.0307 4676	vdrvroot - ok
20:50:27.0369 4676	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:50:27.0385 4676	vga - ok
20:50:27.0400 4676	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:50:27.0447 4676	VgaSave - ok
20:50:27.0463 4676	VGPU - ok
20:50:27.0525 4676	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:50:27.0541 4676	vhdmp - ok
20:50:27.0619 4676	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:50:27.0634 4676	viaide - ok
20:50:27.0665 4676	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:50:27.0681 4676	vmbus - ok
20:50:27.0775 4676	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:50:27.0821 4676	VMBusHID - ok
20:50:27.0868 4676	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:50:27.0884 4676	volmgr - ok
20:50:27.0931 4676	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:50:28.0009 4676	volmgrx - ok
20:50:28.0102 4676	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:50:28.0196 4676	volsnap - ok
20:50:28.0367 4676	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:50:28.0383 4676	vsmraid - ok
20:50:28.0399 4676	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:50:28.0445 4676	vwifibus - ok
20:50:28.0461 4676	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:50:28.0492 4676	vwififlt - ok
20:50:28.0555 4676	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:50:28.0570 4676	vwifimp - ok
20:50:28.0586 4676	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:50:28.0633 4676	WacomPen - ok
20:50:28.0789 4676	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:50:28.0851 4676	WANARP - ok
20:50:28.0851 4676	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:50:28.0882 4676	Wanarpv6 - ok
20:50:28.0929 4676	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:50:28.0991 4676	Wd - ok
20:50:29.0101 4676	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:50:29.0179 4676	Wdf01000 - ok
20:50:29.0319 4676	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:50:29.0350 4676	WfpLwf - ok
20:50:29.0366 4676	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:50:29.0444 4676	WIMMount - ok
20:50:29.0584 4676	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:50:29.0615 4676	WmiAcpi - ok
20:50:29.0740 4676	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:50:29.0865 4676	ws2ifsl - ok
20:50:29.0912 4676	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:50:29.0959 4676	WudfPf - ok
20:50:30.0037 4676	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:50:30.0083 4676	WUDFRd - ok
20:50:30.0146 4676	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:50:30.0208 4676	\Device\Harddisk0\DR0 - ok
20:50:30.0208 4676	Boot (0x1200)   (dcafdc77413775744f900e113bcc05f9) \Device\Harddisk0\DR0\Partition0
20:50:30.0208 4676	\Device\Harddisk0\DR0\Partition0 - ok
20:50:30.0208 4676	============================================================
20:50:30.0208 4676	Scan finished
20:50:30.0208 4676	============================================================
20:50:30.0224 2324	Detected object count: 0
20:50:30.0224 2324	Actual detected object count: 0

Antwort
Seite 1 von 2 1 2

Themen zu Achtung! Ihr Computer wurde gesperrt!
achtung!, center, computer, ebenfalls, erste mal, festgestellt, gen, gesperrt, ihr computer wurde gesperrt, ihr computer wurde gesperrt!, internet, malwarebytes, microsoft, neustart, nicht mehr, nichts, plötzlich, probleme, schließen, security, seite, seiten, software, surfen, systemwiederherstellung, task-manager, tipps, verbietet, windows-xp, öffnet


« Sicherheitswarnungs Virus, Nach Wiederherstellung ohne Probleme, Virus noch auf dem System? | Trojaner Ransom EJ »


Ähnliche Themen: Achtung! Ihr Computer wurde gesperrt!


  1. Achtung ihr computer wurde gesperrt .
    Plagegeister aller Art und deren Bekämpfung - 23.03.2012 (3)
  2. Achtung! Ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 15.03.2012 (6)
  3. Achtung! Ihr Computer wurde gesperrt!!!
    Plagegeister aller Art und deren Bekämpfung - 15.03.2012 (4)
  4. Achtung! ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 13.03.2012 (4)
  5. Achtung! Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 11.03.2012 (31)
  6. Achtung! Ihr Computer wurde gesperrt! OTLPE Log
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (1)
  7. Achtung, Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (2)
  8. Achtung ihr Computer wurde gesperrt !!!
    Plagegeister aller Art und deren Bekämpfung - 10.02.2012 (4)
  9. Achtung ihr Computer wurde gesperrt!!
    Log-Analyse und Auswertung - 06.02.2012 (4)
  10. Achtung ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (13)
  11. Achtung ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 05.02.2012 (18)
  12. Achtung! Ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 05.02.2012 (11)
  13. Achtung! Ihr Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (13)
  14. Achtung! Ihr Computer wurde gesperrt!
    Alles rund um Windows - 03.02.2012 (6)
  15. Achtung! Ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 02.02.2012 (5)
  16. Achtung! Ihr Computer wurde gesperrt 100 €
    Log-Analyse und Auswertung - 02.02.2012 (1)
  17. Achtung !Ihr Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Achtung! Ihr Computer wurde gesperrt! - Guten Tag zusammen, gestern Abend beim Surfen öffnete sich ein "Wondows Security Center"-Fenster, mit dem Windows-XP Sytle und dem Inhalt: Achtung! Ihr computer wurde gesperrt!!! Bei der Überprüfung der Echtheit - Achtung! Ihr Computer wurde gesperrt!...
Archiv
Du betrachtest: Achtung! Ihr Computer wurde gesperrt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19