2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J

AfricanKing · 12.02.2012, 10:49

Hi.

Antivir hat die beiden o.g. Viren vor 2 Tagen beim Suchlauf gefunden:
Beginne mit der Suche in 'C:\' <ACER>
C:\Users\Name\AppData\Local\Temp\jar_cache2450136851759429983.tmp
[0] Archivtyp: ZIP
--> Applet.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.E
--> u.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.J

Habe das Ding dann in Quarantäne verschoben und dann erstmal Malwarebytes drüberlaufen lassen (20 Funde). Beim 2. Antivir und 2. Malwarebytes Suchlauf wurde dann nix mehr gefunden.
Habe dann eure Schritte abgearbeitet inklusive OTL log erstellt.
Im Anhang sind alle logfiles (auch die antivir und Malwarebytes logfiles).

Wenn sichs irgendwie retten lässt wär das spitze. Würde nur ungern alles plattmachen.

Vielen Dank schonmal im Vorraus.

Gruss, Manuel

cosinus · 12.02.2012, 15:38

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

AfricanKing · 12.02.2012, 17:42

Hi.

Danke schonmal für die schnelle Antwort.
ESET hat nix gefunden.
Hier das log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c7be9802a810d14f86c8ea46bd2cce65
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 04:27:15
# local_time=2012-02-12 06:27:15 (+0200, Südafrika Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 4664893 4664893 0 0
# compatibility_mode=5893 16776573 100 94 0 80690254 0 0
# compatibility_mode=8192 67108863 100 0 834 834 0 0
# scanned=116862
# found=0
# cleaned=0
# scan_time=3631

Gruss, Manuel.

cosinus · 12.02.2012, 18:15

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

AfricanKing · 12.02.2012, 20:26

Ok. Habe das entsprechend den Anweisungen gemacht.

Hier das log:

Code:

ATTFilter

OTL logfile created on: 12.02.2012 21:14:54 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Name\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 57,76% Memory free
7,35 Gb Paging File | 5,72 Gb Available in Paging File | 77,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,97 Gb Total Space | 241,89 Gb Free Space | 53,40% Space Free | Partition Type: NTFS
 
Computer Name: Name | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Name\Desktop\24960-OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CDMA Device Service) -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 11:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.12 17:37:36 | 000,000,000 | ---D | M]
 
[2010.12.28 17:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\African King\AppData\Roaming\mozilla\Extensions
[2011.09.05 19:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions
[2011.08.02 18:15:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 17:45:55 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com
[2011.07.03 18:08:28 | 000,003,915 | ---- | M] () -- C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\searchplugins\sweetim.xml
[2011.08.13 16:23:44 | 000,001,565 | ---- | M] () -- C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\searchplugins\web-search.xml
[2012.01.10 07:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\AFRICAN KING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CLKFBUM0.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\AFRICAN KING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CLKFBUM0.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.02.12 11:01:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 13:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.12 11:01:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 11:01:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 11:01:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.18 13:31:31 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.12 11:01:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 11:01:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 11:01:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\African King\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\African King\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\African King\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\African King\Desktop\PartyPoker.lnk ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34C02EAE-7B10-48E4-9BB4-74C3808E0B28}: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F3DD63-151C-44BE-AFE2-A922C904EDDE}: DhcpNameServer = 10.0.0.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\Shell - "" = AutoRun
O33 - MountPoints2\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 17:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.12 17:05:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\African King\Desktop\esetsmartinstaller_enu.exe
[2012.02.12 11:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.12 11:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.02.12 00:17:34 | 000,000,000 | ---D | C] -- C:\Users\African King\AppData\Local\Cyberlink
[2012.02.12 00:17:25 | 000,000,000 | ---D | C] -- C:\Users\African King\Documents\CyberLink
[2012.02.12 00:17:24 | 000,000,000 | ---D | C] -- C:\Users\African King\AppData\Roaming\CyberLink
[2012.02.12 00:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.02.10 22:08:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\African King\Desktop\24960-OTL.exe
[2012.02.10 22:05:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\African King\Desktop\dds.com
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 21:05:04 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.12 17:10:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\African King\Desktop\esetsmartinstaller_enu.exe
[2012.02.12 15:14:20 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.12 15:14:20 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.12 15:14:20 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.12 15:14:20 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.12 15:14:20 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.12 11:36:01 | 000,033,520 | ---- | M] () -- C:\Users\African King\Desktop\Logdateien.zip
[2012.02.12 10:47:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 10:47:24 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 10:40:19 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.02.12 10:40:11 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 10:39:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 10:39:06 | 2961,592,320 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 22:11:32 | 000,000,000 | ---- | M] () -- C:\Users\African King\defogger_reenable
[2012.02.10 22:08:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\African King\Desktop\24960-OTL.exe
[2012.02.10 22:05:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\African King\Desktop\dds.com
[2012.02.10 22:03:48 | 000,050,477 | ---- | M] () -- C:\Users\African King\Desktop\Defogger.exe
[2012.02.10 20:56:52 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 11:07:29 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012.02.12 11:36:01 | 000,033,520 | ---- | C] () -- C:\Users\African King\Desktop\Logdateien.zip
[2012.02.10 22:11:32 | 000,000,000 | ---- | C] () -- C:\Users\African King\defogger_reenable
[2012.02.10 22:03:47 | 000,050,477 | ---- | C] () -- C:\Users\African King\Desktop\Defogger.exe
[2012.02.10 20:56:52 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.10.13 23:36:10 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.07.07 08:16:31 | 000,000,000 | ---- | C] () -- C:\Users\African King\AppData\Local\{AC99B9FE-53CB-4114-AF4B-15C3035D7F80}
[2011.07.03 18:07:19 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.03 18:07:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.03 18:07:17 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.03 18:07:17 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.03 18:07:16 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.03 17:52:03 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLGFILE14N.INI
[2011.06.03 15:39:28 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011.06.03 09:50:34 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.03 08:13:57 | 000,000,000 | ---- | C] () -- C:\Users\African King\AppData\Local\{EA2FBFF2-6657-4440-84A9-AAAD3486CB48}
[2010.12.28 17:46:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.04 08:32:12 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.12.04 08:25:33 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.12.04 08:25:33 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.12.04 08:25:33 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.12.04 08:25:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.12.04 08:25:31 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.12.04 08:25:01 | 000,001,817 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.12.03 23:59:25 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.03 23:59:25 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.12.03 23:59:24 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.09.08 08:25:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.09.08 08:18:23 | 000,000,321 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010.09.08 08:18:23 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010.09.08 08:18:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.08.02 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\DVDVideoSoft
[2011.08.02 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.21 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Samsung
[2011.09.23 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\SoftGrid Client
[2011.06.03 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\TeamViewer
[2011.06.03 09:51:21 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\TP
[2011.12.08 18:31:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.02 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Adobe
[2011.12.20 17:39:19 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Avira
[2012.02.12 00:17:27 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\CyberLink
[2012.01.26 21:32:55 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\dvdcss
[2011.08.02 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\DVDVideoSoft
[2011.08.02 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.28 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Identities
[2012.01.03 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\InstallShield
[2010.12.28 17:22:07 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Macromedia
[2011.09.18 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Malwarebytes
[2010.09.08 08:28:36 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Media Center Programs
[2011.07.04 21:42:18 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Media Player Classic
[2011.12.21 18:10:50 | 000,000,000 | --SD | M] -- C:\Users\African King\AppData\Roaming\Microsoft
[2010.12.28 17:46:19 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Mozilla
[2011.05.30 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Mozilla-Cache
[2011.09.21 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Samsung
[2012.02.12 21:01:14 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\Skype
[2011.09.23 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\SoftGrid Client
[2011.06.03 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\TeamViewer
[2011.06.03 09:51:21 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\TP
[2011.07.01 20:10:33 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\vlc
[2011.05.18 21:29:57 | 000,000,000 | ---D | M] -- C:\Users\African King\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.21 18:10:50 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\African King\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.12.21 18:10:50 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\African King\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.12.21 18:10:50 | 000,008,854 | R--- | M] () -- C:\Users\African King\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2012.01.12 08:07:19 | 003,904,680 | ---- | M] (Ask) -- C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 05:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\oem\Preload\Autorun\DRV\AHCI\F6\f6flpy-x86\iaStor.sys
[2010.03.04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\oem\Preload\Autorun\DRV\AHCI\F6\f6flpy-x64\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.09.08 07:59:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.09.08 07:59:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.09.08 07:59:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F

< End of report >

cosinus · 12.02.2012, 20:54

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://startsear.ch/?q="
[2012.01.12 17:45:55 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com
[2011.07.03 18:08:28 | 000,003,915 | ---- | M] () -- C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\searchplugins\sweetim.xml
[2011.08.13 16:23:44 | 000,001,565 | ---- | M] () -- C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\searchplugins\web-search.xml
[2011.05.18 13:31:31 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\African King\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\African King\Desktop\PartyPoker.lnk ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\Shell - "" = AutoRun
O33 - MountPoints2\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

AfricanKing · 12.02.2012, 21:53

Hi.

Habe die Anweisungen befolgt:
Nach dem Neustart hat sich das log geöffnet:

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named Program Files was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2039289562-3748197240-2934368891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search..." removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://startsear.ch/?q=" removed from keyword.URL
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-21-Sep-2011-20-31-51-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-21-Sep-2011-17-43-58-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-14-Dec-2011-17-25-19-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-18-31-39-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-15-49-45-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-24-Nov-2011-06-06-12-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-12-Jan-2012-15-45-55-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-09-Feb-2012-18-25-07-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-15-Oct-2011-21-06-13-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-07-Jan-2012-08-45-53-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-05-Sep-2011-21-07-55-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-28-Oct-2011-17-19-08-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-14-Oct-2011-18-15-20-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-06-Jan-2012-06-02-28-GMT folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\African King\AppData\Roaming\mozilla\Firefox\Profiles\clkfbum0.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\searchplugins\sweetim.xml moved successfully.
C:\Users\African King\AppData\Roaming\Mozilla\Firefox\Profiles\clkfbum0.default\searchplugins\web-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2039289562-3748197240-2934368891-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
C:\Users\African King\Desktop\PartyPoker.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Users\African King\Desktop\PartyPoker.lnk not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a86d8e6a-b35f-11e0-8d10-206a8a27102f}\ not found.
File D:\LaunchU3.exe -a not found.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Name
->Temp folder emptied: 280482599 bytes
->Temporary Internet Files folder emptied: 113049334 bytes
->Java cache emptied: 351908 bytes
->FireFox cache emptied: 110810886 bytes
->Google Chrome cache emptied: 6418412 bytes
->Flash cache emptied: 50957 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143891156 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68023 bytes
RecycleBin emptied: 22163376830 bytes
 
Total Files Cleaned = 21.761,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_224131

Files\Folders moved on Reboot...
C:\Users\African King\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 13.02.2012, 11:22

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

AfricanKing · 13.02.2012, 12:26

Hi.

bin dir echt sehr dankbar fuer deine schnelle Hilfe. Ich mache das sobald ich zu Hause bin heut abend.
Bezueglich des unhide.exe. Bisher sind mir keine Dateien oder Verzeichnisser aufgefallen, auf die ich keinen Zugriff habe. Pruefe das spaeter nochmal. Falls mir nix auffaellt, soll ich unhide.exe trotzdem ausfuehren?

Danke.

cosinus · 13.02.2012, 13:14

Nein wenn alles sichtbar ist brauchst du die unhide nicht

AfricanKing · 13.02.2012, 15:20

Hi.

Sorry, aber ich hab noch eine Frage bezueglich des TDSSKiller. Hab mir die Anleitung bei Kaspersky mal durchgelesen und da steht, dass bei Erkennung von schaedlichen Objekten automatisch entweder "delete" oder "cure" ausgefuehrt wird. Oder gibt es da auch eine Skip-Funktion?
Bei verdaechtigen Objekten ist es klar. Will nur sichergehen, dass ich da alles richtig mache.
Falls ein schaedliches Objekt erkannt wird, dann "delete" oder "cure"?

Danke.

cosinus · 13.02.2012, 15:47

Ja skip musst du bei allen machen. ich will ertsmal nur sehen was da ist, mehr nicht

AfricanKing · 13.02.2012, 16:47

Hi.

Ich hab TDSS-Killer von eurem link und als zip von der kaspersky seite runtergeladen. Bei beidem hat antivir folgende Meldung gebracht:
In der Datei 'C:\Users\Name\Downloads\tdsskiller\TDSSKiller.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Ist das ne Fehlmeldung?

AfricanKing · 13.02.2012, 19:40

Hab mal bei google geschaut wegen der avira meldung. Das ist laut mehrerer Foren ne Fehlmeldung. Habs jetzt riskiert und avira deaktiviert und den scan durchgeführt. Hat nix gefunden. Hier das log:

Code:

ATTFilter

20:30:38.0728 5112	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
20:30:39.0427 5112	============================================================
20:30:39.0427 5112	Current date / time: 2012/02/13 20:30:39.0427
20:30:39.0427 5112	SystemInfo:
20:30:39.0427 5112	
20:30:39.0427 5112	OS Version: 6.1.7600 ServicePack: 0.0
20:30:39.0427 5112	Product type: Workstation
20:30:39.0427 5112	ComputerName:
20:30:39.0427 5112	UserName:
20:30:39.0427 5112	Windows directory: C:\Windows
20:30:39.0427 5112	System windows directory: C:\Windows
20:30:39.0428 5112	Running under WOW64
20:30:39.0428 5112	Processor architecture: Intel x64
20:30:39.0428 5112	Number of processors: 4
20:30:39.0428 5112	Page size: 0x1000
20:30:39.0428 5112	Boot type: Normal boot
20:30:39.0428 5112	============================================================
20:30:39.0932 5112	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:30:39.0948 5112	\Device\Harddisk0\DR0:
20:30:39.0948 5112	MBR used
20:30:39.0948 5112	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
20:30:39.0948 5112	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
20:30:39.0990 5112	Initialize success
20:30:39.0990 5112	============================================================
20:31:09.0357 5456	============================================================
20:31:09.0357 5456	Scan started
20:31:09.0357 5456	Mode: Manual; SigCheck; TDLFS; 
20:31:09.0357 5456	============================================================
20:31:09.0896 5456	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:31:10.0004 5456	1394ohci - ok
20:31:10.0106 5456	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:31:10.0145 5456	ACPI - ok
20:31:10.0203 5456	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:31:10.0296 5456	AcpiPmi - ok
20:31:10.0417 5456	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:31:10.0455 5456	adp94xx - ok
20:31:10.0535 5456	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:31:10.0570 5456	adpahci - ok
20:31:10.0631 5456	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:31:10.0649 5456	adpu320 - ok
20:31:10.0756 5456	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
20:31:10.0812 5456	AFD - ok
20:31:10.0908 5456	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:31:10.0938 5456	agp440 - ok
20:31:11.0052 5456	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:31:11.0079 5456	aliide - ok
20:31:11.0121 5456	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:31:11.0142 5456	amdide - ok
20:31:11.0230 5456	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:31:11.0277 5456	AmdK8 - ok
20:31:11.0306 5456	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:31:11.0344 5456	AmdPPM - ok
20:31:11.0437 5456	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:31:11.0463 5456	amdsata - ok
20:31:11.0515 5456	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:31:11.0532 5456	amdsbs - ok
20:31:11.0586 5456	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:31:11.0615 5456	amdxata - ok
20:31:11.0659 5456	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
20:31:11.0715 5456	androidusb - ok
20:31:11.0876 5456	ApfiltrService  (b2525b0e96c81bbc4872a495171d0bad) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:31:11.0912 5456	ApfiltrService - ok
20:31:11.0964 5456	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:31:12.0087 5456	AppID - ok
20:31:12.0180 5456	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:31:12.0205 5456	arc - ok
20:31:12.0240 5456	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:31:12.0255 5456	arcsas - ok
20:31:12.0315 5456	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:31:12.0509 5456	AsyncMac - ok
20:31:12.0631 5456	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:31:12.0651 5456	atapi - ok
20:31:12.0707 5456	AthBTPort       (1c60a629ad4ffd06d80cd522b92cdb7c) C:\Windows\system32\DRIVERS\btath_flt.sys
20:31:12.0726 5456	AthBTPort - ok
20:31:12.0798 5456	ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
20:31:12.0818 5456	ATHDFU - ok
20:31:13.0006 5456	athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
20:31:13.0114 5456	athr - ok
20:31:13.0240 5456	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:31:13.0267 5456	avgntflt - ok
20:31:13.0339 5456	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
20:31:13.0365 5456	avipbb - ok
20:31:13.0408 5456	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:31:13.0423 5456	avkmgr - ok
20:31:13.0552 5456	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:31:13.0620 5456	b06bdrv - ok
20:31:13.0741 5456	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:31:13.0787 5456	b57nd60a - ok
20:31:13.0937 5456	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:31:14.0029 5456	BCM43XX - ok
20:31:14.0156 5456	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:31:14.0250 5456	Beep - ok
20:31:14.0374 5456	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:31:14.0413 5456	blbdrive - ok
20:31:14.0496 5456	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:31:14.0552 5456	bowser - ok
20:31:14.0650 5456	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:31:14.0695 5456	BrFiltLo - ok
20:31:14.0727 5456	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:31:14.0769 5456	BrFiltUp - ok
20:31:14.0855 5456	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:31:14.0910 5456	Brserid - ok
20:31:15.0015 5456	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:31:15.0058 5456	BrSerWdm - ok
20:31:15.0162 5456	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:31:15.0209 5456	BrUsbMdm - ok
20:31:15.0250 5456	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:31:15.0307 5456	BrUsbSer - ok
20:31:15.0420 5456	BTATH_A2DP      (89f5586e80b42ca4e98b3efdafcad1b8) C:\Windows\system32\drivers\btath_a2dp.sys
20:31:15.0443 5456	BTATH_A2DP - ok
20:31:15.0535 5456	BTATH_BUS       (bc14a513c0120919a019e18061faca46) C:\Windows\system32\DRIVERS\btath_bus.sys
20:31:15.0552 5456	BTATH_BUS - ok
20:31:15.0622 5456	BTATH_HCRP      (76e867c34242d16e3418aa9a9430d96a) C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:31:15.0649 5456	BTATH_HCRP - ok
20:31:15.0705 5456	BTATH_LWFLT     (6409827297daf3699643e9f6ec5c2cd2) C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:31:15.0714 5456	BTATH_LWFLT - ok
20:31:15.0773 5456	BTATH_RCP       (2b53167c52a1730a59edfd3c83deff70) C:\Windows\system32\DRIVERS\btath_rcp.sys
20:31:15.0793 5456	BTATH_RCP - ok
20:31:15.0965 5456	BtFilter        (9b014e62bd3541812a0b2a46459b31d7) C:\Windows\system32\DRIVERS\btfilter.sys
20:31:15.0990 5456	BtFilter - ok
20:31:16.0111 5456	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:31:16.0168 5456	BthEnum - ok
20:31:16.0282 5456	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:31:16.0328 5456	BTHMODEM - ok
20:31:16.0461 5456	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:31:16.0510 5456	BthPan - ok
20:31:16.0597 5456	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
20:31:16.0637 5456	BTHPORT - ok
20:31:16.0762 5456	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
20:31:16.0791 5456	BTHUSB - ok
20:31:16.0877 5456	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:31:16.0963 5456	cdfs - ok
20:31:17.0102 5456	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:31:17.0148 5456	cdrom - ok
20:31:17.0272 5456	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:31:17.0321 5456	circlass - ok
20:31:17.0419 5456	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:31:17.0464 5456	CLFS - ok
20:31:17.0598 5456	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:31:17.0634 5456	CmBatt - ok
20:31:17.0706 5456	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:31:17.0728 5456	cmdide - ok
20:31:17.0817 5456	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:31:17.0876 5456	CNG - ok
20:31:17.0973 5456	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:31:17.0993 5456	Compbatt - ok
20:31:18.0085 5456	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:31:18.0145 5456	CompositeBus - ok
20:31:18.0273 5456	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:31:18.0295 5456	crcdisk - ok
20:31:18.0457 5456	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:31:18.0538 5456	DfsC - ok
20:31:18.0617 5456	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:31:18.0699 5456	discache - ok
20:31:18.0819 5456	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:31:18.0843 5456	Disk - ok
20:31:18.0896 5456	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:31:18.0929 5456	drmkaud - ok
20:31:19.0082 5456	DXGKrnl         (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
20:31:19.0155 5456	DXGKrnl - ok
20:31:19.0348 5456	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:31:19.0486 5456	ebdrv - ok
20:31:19.0644 5456	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:31:19.0667 5456	ElbyCDIO - ok
20:31:19.0768 5456	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:31:19.0807 5456	elxstor - ok
20:31:19.0940 5456	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:31:19.0987 5456	ErrDev - ok
20:31:20.0137 5456	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:31:20.0226 5456	exfat - ok
20:31:20.0364 5456	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:31:20.0450 5456	fastfat - ok
20:31:20.0578 5456	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:31:20.0610 5456	fdc - ok
20:31:20.0736 5456	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:31:20.0766 5456	FileInfo - ok
20:31:20.0815 5456	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:31:20.0901 5456	Filetrace - ok
20:31:21.0018 5456	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:31:21.0049 5456	flpydisk - ok
20:31:21.0107 5456	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:31:21.0135 5456	FltMgr - ok
20:31:21.0183 5456	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:31:21.0197 5456	FsDepends - ok
20:31:21.0216 5456	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:31:21.0228 5456	Fs_Rec - ok
20:31:21.0285 5456	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:31:21.0305 5456	fvevol - ok
20:31:21.0423 5456	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:31:21.0444 5456	gagp30kx - ok
20:31:21.0610 5456	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:31:21.0671 5456	hcw85cir - ok
20:31:21.0782 5456	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:31:21.0839 5456	HdAudAddService - ok
20:31:21.0966 5456	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:22.0022 5456	HDAudBus - ok
20:31:22.0144 5456	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:31:22.0160 5456	HECIx64 - ok
20:31:22.0245 5456	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:31:22.0286 5456	HidBatt - ok
20:31:22.0398 5456	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:31:22.0445 5456	HidBth - ok
20:31:22.0506 5456	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:31:22.0555 5456	HidIr - ok
20:31:22.0694 5456	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:31:22.0734 5456	HidUsb - ok
20:31:22.0865 5456	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:31:22.0890 5456	HpSAMD - ok
20:31:22.0969 5456	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:31:23.0061 5456	HTTP - ok
20:31:23.0171 5456	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:31:23.0193 5456	hwpolicy - ok
20:31:23.0335 5456	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:23.0362 5456	i8042prt - ok
20:31:23.0472 5456	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
20:31:23.0500 5456	iaStor - ok
20:31:23.0640 5456	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:31:23.0678 5456	iaStorV - ok
20:31:23.0921 5456	igfx            (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:31:24.0364 5456	igfx - ok
20:31:24.0499 5456	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:31:24.0526 5456	iirsp - ok
20:31:24.0674 5456	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
20:31:24.0727 5456	Impcd - ok
20:31:24.0915 5456	IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
20:31:25.0031 5456	IntcAzAudAddService - ok
20:31:25.0172 5456	IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:31:25.0234 5456	IntcDAud - ok
20:31:25.0342 5456	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:31:25.0370 5456	intelide - ok
20:31:25.0476 5456	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:31:25.0515 5456	intelppm - ok
20:31:25.0660 5456	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:25.0736 5456	IpFilterDriver - ok
20:31:25.0854 5456	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:31:25.0897 5456	IPMIDRV - ok
20:31:26.0022 5456	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:31:26.0114 5456	IPNAT - ok
20:31:26.0261 5456	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:31:26.0348 5456	IRENUM - ok
20:31:26.0454 5456	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:31:26.0478 5456	isapnp - ok
20:31:26.0526 5456	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:31:26.0560 5456	iScsiPrt - ok
20:31:26.0610 5456	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:26.0639 5456	kbdclass - ok
20:31:26.0685 5456	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:31:26.0736 5456	kbdhid - ok
20:31:26.0810 5456	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:31:26.0835 5456	KSecDD - ok
20:31:26.0902 5456	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:31:26.0931 5456	KSecPkg - ok
20:31:27.0071 5456	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:31:27.0153 5456	ksthunk - ok
20:31:27.0279 5456	L1C             (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
20:31:27.0296 5456	L1C - ok
20:31:27.0427 5456	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
20:31:27.0452 5456	L1E - ok
20:31:27.0596 5456	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:31:27.0667 5456	lltdio - ok
20:31:27.0830 5456	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:31:27.0861 5456	LSI_FC - ok
20:31:27.0987 5456	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:31:28.0014 5456	LSI_SAS - ok
20:31:28.0050 5456	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:31:28.0064 5456	LSI_SAS2 - ok
20:31:28.0117 5456	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:31:28.0147 5456	LSI_SCSI - ok
20:31:28.0248 5456	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:31:28.0325 5456	luafv - ok
20:31:28.0462 5456	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:31:28.0482 5456	megasas - ok
20:31:28.0542 5456	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:31:28.0566 5456	MegaSR - ok
20:31:28.0688 5456	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:31:28.0763 5456	Modem - ok
20:31:28.0822 5456	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:31:28.0873 5456	monitor - ok
20:31:28.0993 5456	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:31:29.0022 5456	mouclass - ok
20:31:29.0170 5456	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:31:29.0196 5456	mouhid - ok
20:31:29.0350 5456	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:31:29.0379 5456	mountmgr - ok
20:31:29.0528 5456	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:31:29.0555 5456	mpio - ok
20:31:29.0707 5456	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:31:29.0792 5456	mpsdrv - ok
20:31:29.0954 5456	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:31:30.0007 5456	MRxDAV - ok
20:31:30.0161 5456	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:30.0208 5456	mrxsmb - ok
20:31:30.0370 5456	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:30.0447 5456	mrxsmb10 - ok
20:31:30.0582 5456	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:30.0625 5456	mrxsmb20 - ok
20:31:30.0728 5456	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:31:30.0754 5456	msahci - ok
20:31:30.0845 5456	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:31:30.0873 5456	msdsm - ok
20:31:30.0980 5456	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:31:31.0054 5456	Msfs - ok
20:31:31.0167 5456	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:31:31.0258 5456	mshidkmdf - ok
20:31:31.0346 5456	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:31:31.0367 5456	msisadrv - ok
20:31:31.0479 5456	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:31:31.0557 5456	MSKSSRV - ok
20:31:31.0635 5456	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:31.0700 5456	MSPCLOCK - ok
20:31:31.0774 5456	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:31:31.0863 5456	MSPQM - ok
20:31:31.0953 5456	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:31:31.0988 5456	MsRPC - ok
20:31:32.0058 5456	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:32.0071 5456	mssmbios - ok
20:31:32.0145 5456	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:31:32.0230 5456	MSTEE - ok
20:31:32.0323 5456	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:31:32.0360 5456	MTConfig - ok
20:31:32.0450 5456	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:31:32.0476 5456	Mup - ok
20:31:32.0630 5456	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:31:32.0648 5456	mwlPSDFilter - ok
20:31:32.0781 5456	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:31:32.0798 5456	mwlPSDNServ - ok
20:31:32.0934 5456	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:31:32.0953 5456	mwlPSDVDisk - ok
20:31:33.0130 5456	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:31:33.0183 5456	NativeWifiP - ok
20:31:33.0356 5456	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:31:33.0428 5456	NDIS - ok
20:31:33.0568 5456	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:33.0654 5456	NdisCap - ok
20:31:33.0805 5456	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:33.0892 5456	NdisTapi - ok
20:31:34.0045 5456	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:34.0119 5456	Ndisuio - ok
20:31:34.0276 5456	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:34.0359 5456	NdisWan - ok
20:31:34.0517 5456	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:31:34.0587 5456	NDProxy - ok
20:31:34.0750 5456	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:31:34.0812 5456	NetBIOS - ok
20:31:34.0969 5456	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:31:35.0060 5456	NetBT - ok
20:31:35.0238 5456	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:31:35.0267 5456	nfrd960 - ok
20:31:35.0426 5456	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:31:35.0526 5456	Npfs - ok
20:31:35.0684 5456	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:31:35.0762 5456	nsiproxy - ok
20:31:35.0970 5456	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:31:36.0047 5456	Ntfs - ok
20:31:36.0172 5456	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
20:31:36.0191 5456	NTIDrvr - ok
20:31:36.0347 5456	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:31:36.0424 5456	Null - ok
20:31:36.0571 5456	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:31:36.0599 5456	nvraid - ok
20:31:36.0767 5456	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:31:36.0794 5456	nvstor - ok
20:31:36.0982 5456	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:31:37.0012 5456	nv_agp - ok
20:31:37.0160 5456	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:31:37.0185 5456	ohci1394 - ok
20:31:37.0384 5456	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:31:37.0416 5456	Parport - ok
20:31:37.0565 5456	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:31:37.0585 5456	partmgr - ok
20:31:37.0739 5456	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:31:37.0770 5456	pci - ok
20:31:37.0919 5456	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:31:37.0939 5456	pciide - ok
20:31:38.0087 5456	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:38.0115 5456	pcmcia - ok
20:31:38.0259 5456	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:31:38.0287 5456	pcw - ok
20:31:38.0449 5456	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:31:38.0548 5456	PEAUTH - ok
20:31:38.0736 5456	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:31:38.0818 5456	PptpMiniport - ok
20:31:38.0971 5456	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:31:39.0012 5456	Processor - ok
20:31:39.0198 5456	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:31:39.0293 5456	Psched - ok
20:31:39.0503 5456	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:31:39.0582 5456	ql2300 - ok
20:31:39.0729 5456	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:31:39.0756 5456	ql40xx - ok
20:31:39.0895 5456	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:31:39.0942 5456	QWAVEdrv - ok
20:31:40.0083 5456	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:31:40.0174 5456	RasAcd - ok
20:31:40.0309 5456	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:40.0388 5456	RasAgileVpn - ok
20:31:40.0546 5456	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:40.0624 5456	Rasl2tp - ok
20:31:40.0777 5456	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:40.0858 5456	RasPppoe - ok
20:31:41.0006 5456	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:31:41.0094 5456	RasSstp - ok
20:31:41.0248 5456	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:31:41.0316 5456	rdbss - ok
20:31:41.0422 5456	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:31:41.0471 5456	rdpbus - ok
20:31:41.0618 5456	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:41.0700 5456	RDPCDD - ok
20:31:41.0838 5456	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:31:41.0931 5456	RDPENCDD - ok
20:31:42.0042 5456	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:31:42.0102 5456	RDPREFMP - ok
20:31:42.0243 5456	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:31:42.0336 5456	RDPWD - ok
20:31:42.0506 5456	rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
20:31:42.0535 5456	rdyboost - ok
20:31:42.0713 5456	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:31:42.0757 5456	RFCOMM - ok
20:31:42.0910 5456	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:31:42.0994 5456	rspndr - ok
20:31:43.0165 5456	RSUSBSTOR       (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
20:31:43.0190 5456	RSUSBSTOR - ok
20:31:43.0300 5456	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:31:43.0325 5456	sbp2port - ok
20:31:43.0431 5456	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:31:43.0525 5456	scfilter - ok
20:31:43.0677 5456	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:31:43.0749 5456	secdrv - ok
20:31:43.0867 5456	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:31:43.0898 5456	Serenum - ok
20:31:44.0013 5456	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:31:44.0051 5456	Serial - ok
20:31:44.0223 5456	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:31:44.0256 5456	sermouse - ok
20:31:44.0412 5456	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:31:44.0464 5456	sffdisk - ok
20:31:44.0612 5456	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:31:44.0650 5456	sffp_mmc - ok
20:31:44.0804 5456	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:31:44.0840 5456	sffp_sd - ok
20:31:44.0990 5456	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:31:45.0030 5456	sfloppy - ok
20:31:45.0220 5456	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:31:45.0262 5456	Sftfs - ok
20:31:45.0441 5456	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:31:45.0476 5456	Sftplay - ok
20:31:45.0618 5456	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:31:45.0639 5456	Sftredir - ok
20:31:45.0750 5456	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:31:45.0773 5456	Sftvol - ok
20:31:45.0957 5456	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:31:45.0979 5456	SiSRaid2 - ok
20:31:46.0080 5456	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:31:46.0105 5456	SiSRaid4 - ok
20:31:46.0248 5456	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:31:46.0326 5456	Smb - ok
20:31:46.0505 5456	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:31:46.0527 5456	spldr - ok
20:31:46.0655 5456	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:31:46.0699 5456	srv - ok
20:31:46.0819 5456	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:31:46.0866 5456	srv2 - ok
20:31:46.0973 5456	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:31:47.0023 5456	srvnet - ok
20:31:47.0182 5456	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:31:47.0203 5456	ssadbus - ok
20:31:47.0333 5456	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:31:47.0348 5456	ssadmdfl - ok
20:31:47.0455 5456	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:31:47.0479 5456	ssadmdm - ok
20:31:47.0600 5456	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:31:47.0627 5456	stexstor - ok
20:31:47.0732 5456	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:31:47.0761 5456	swenum - ok
20:31:47.0943 5456	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:31:48.0020 5456	Tcpip - ok
20:31:48.0223 5456	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:31:48.0282 5456	TCPIP6 - ok
20:31:48.0436 5456	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:31:48.0516 5456	tcpipreg - ok
20:31:48.0670 5456	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:31:48.0749 5456	TDPIPE - ok
20:31:48.0893 5456	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:31:48.0959 5456	TDTCP - ok
20:31:49.0112 5456	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:31:49.0195 5456	tdx - ok
20:31:49.0340 5456	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:31:49.0364 5456	TermDD - ok
20:31:49.0524 5456	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:49.0609 5456	tssecsrv - ok
20:31:49.0771 5456	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:31:49.0856 5456	tunnel - ok
20:31:50.0015 5456	TurboB          (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
20:31:50.0032 5456	TurboB - ok
20:31:50.0182 5456	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:31:50.0206 5456	uagp35 - ok
20:31:50.0360 5456	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
20:31:50.0370 5456	UBHelper - ok
20:31:50.0521 5456	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:31:50.0601 5456	udfs - ok
20:31:50.0765 5456	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:31:50.0789 5456	uliagpkx - ok
20:31:50.0950 5456	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:31:50.0987 5456	umbus - ok
20:31:51.0128 5456	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:31:51.0159 5456	UmPass - ok
20:31:51.0357 5456	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:51.0430 5456	usbccgp - ok
20:31:51.0594 5456	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:31:51.0637 5456	usbcir - ok
20:31:51.0799 5456	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
20:31:51.0826 5456	usbehci - ok
20:31:52.0005 5456	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
20:31:52.0050 5456	usbhub - ok
20:31:52.0221 5456	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
20:31:52.0268 5456	usbohci - ok
20:31:52.0406 5456	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:31:52.0456 5456	usbprint - ok
20:31:52.0605 5456	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:52.0680 5456	USBSTOR - ok
20:31:52.0835 5456	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
20:31:52.0878 5456	usbuhci - ok
20:31:53.0052 5456	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
20:31:53.0098 5456	usbvideo - ok
20:31:53.0249 5456	VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
20:31:53.0307 5456	VClone - ok
20:31:53.0444 5456	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:31:53.0470 5456	vdrvroot - ok
20:31:53.0599 5456	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:53.0628 5456	vga - ok
20:31:53.0735 5456	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:31:53.0819 5456	VgaSave - ok
20:31:53.0967 5456	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:31:53.0996 5456	vhdmp - ok
20:31:54.0108 5456	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:31:54.0133 5456	viaide - ok
20:31:54.0268 5456	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:31:54.0289 5456	volmgr - ok
20:31:54.0366 5456	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:31:54.0399 5456	volmgrx - ok
20:31:54.0474 5456	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:31:54.0510 5456	volsnap - ok
20:31:54.0605 5456	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:31:54.0626 5456	vsmraid - ok
20:31:54.0708 5456	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:31:54.0740 5456	vwifibus - ok
20:31:54.0803 5456	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:31:54.0848 5456	vwififlt - ok
20:31:54.0992 5456	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:31:55.0032 5456	vwifimp - ok
20:31:55.0199 5456	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:31:55.0240 5456	WacomPen - ok
20:31:55.0381 5456	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:31:55.0470 5456	WANARP - ok
20:31:55.0485 5456	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:31:55.0540 5456	Wanarpv6 - ok
20:31:55.0700 5456	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:31:55.0724 5456	Wd - ok
20:31:55.0880 5456	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:31:55.0930 5456	Wdf01000 - ok
20:31:56.0089 5456	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:31:56.0155 5456	WfpLwf - ok
20:31:56.0314 5456	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:31:56.0336 5456	WIMMount - ok
20:31:56.0532 5456	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:31:56.0564 5456	WinUsb - ok
20:31:56.0709 5456	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:31:56.0749 5456	WmiAcpi - ok
20:31:56.0925 5456	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:31:57.0004 5456	ws2ifsl - ok
20:31:57.0154 5456	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:31:57.0245 5456	WudfPf - ok
20:31:57.0412 5456	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:57.0498 5456	WUDFRd - ok
20:31:57.0542 5456	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:31:57.0758 5456	\Device\Harddisk0\DR0 - ok
20:31:57.0766 5456	Boot (0x1200)   (9f900bb77fd77681ba37dd7a0c64ab1f) \Device\Harddisk0\DR0\Partition0
20:31:57.0768 5456	\Device\Harddisk0\DR0\Partition0 - ok
20:31:57.0808 5456	Boot (0x1200)   (304adf06b61ce3c9fd4a0b48836e3e74) \Device\Harddisk0\DR0\Partition1
20:31:57.0810 5456	\Device\Harddisk0\DR0\Partition1 - ok
20:31:57.0811 5456	============================================================
20:31:57.0811 5456	Scan finished
20:31:57.0811 5456	============================================================
20:31:57.0844 5372	Detected object count: 0
20:31:57.0844 5372	Actual detected object count: 0
20:32:10.0176 2760	Deinitialize success

Gruss,

Manuel.

cosinus · 13.02.2012, 23:01

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

13.02.2012, 13:14	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J Nein wenn alles sichtbar ist brauchst du die unhide nicht __________________ Logfiles bitte immer in CODE-Tags posten

13.02.2012, 15:47	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J Ja skip musst du bei allen machen. ich will ertsmal nur sehen was da ist, mehr nicht __________________ Logfiles bitte immer in CODE-Tags posten

2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J

Plagegeister aller Art und deren Bekämpfung: 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J