|
Log-Analyse und Auswertung: Achtung Ihr Windowssystem...blockiert - Malware ProblemWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.02.2012, 16:35 | #1 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem Heyhey, Ich hab da ein kleines Problem. Als ich den Rechner, ( Windows 7 64-bit), eben angemacht habe, er ca. 10min im Leerlauf an war, kam die in letzter Zeit wohl weit verbreitete Virusmeldung der Systemblockierung und ich möge doch bitte 50€ zahlen. Andere Viren dieser Art hab ich früher mit einem "abmelde trick" umgangen und dann per antivirussoftware platt gemacht. Funktioniert hier aber leider nicht. Also Laptop angeworfen, gegoogelt, diese tolle Seite entdeckt und einige Beiträge in diese Richtung gefunden. Schließlich den Rechner im Gesicherten Modus gestartet und Malwarebytes im Quickscan darüber laufen lassen. Altklug wie ich bin natürlich nicht das Log gespeichert, denn den einen infizierten Fund hatte ich ja gelöscht :S OTL im gesicherten modus scannen lassen, wobei ich da mein Problem hatte, dass ich nicht sehen konnte das OTL überhaupt was macht. Allerdings hatte ich auch meine antiviren programme noch an :/ Nunja, Rechner hat immer noch das Problem, also erneut gesicherter Modus und diesmal einen Vollscan mit Malwarebytes, und damit ich diesmal behaupten kann, alles nach Anleitung gemacht zu haben, hier zuerst das Malwarebytes-Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.12.02 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Clemens :: CLEMENS-PC [Administrator] Schutz: Deaktiviert 12.02.2012 15:53:54 mbam-log-2012-02-12 (15-53-54).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 341004 Laufzeit: 37 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Ich hab ein wenig gesucht und hier ist doch noch der erste Durchlauf als Log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.12.02 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Clemens :: CLEMENS-PC [Administrator] Schutz: Deaktiviert 12.02.2012 15:32:07 mbam-log-2012-02-12 (15-32-07).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 178457 Laufzeit: 2 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Clemens\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt. Ich hoffe auf Hilfe und danke im Vorraus!! Clemens |
12.02.2012, 16:41 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung Ihr Windowssystem...blockiert - Malware Problem Führ bitte auch ESET aus, danach sehen wir weiter:
__________________ESET Online Scanner
__________________ |
12.02.2012, 16:41 | #3 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem sieht ganz so aus als gäbe es das exakte problem zeitgleich bei einem forumskollegen :/
__________________ |
12.02.2012, 17:30 | #4 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem So hier das Ergebnis von ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f6c292d56cb7f4449ec94a46af9c11e6 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-12 04:27:32 # local_time=2012-02-12 05:27:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775166 100 94 460607 65602114 251360 0 # compatibility_mode=2304 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 195303 80691508 0 0 # compatibility_mode=8192 67108863 100 0 3899 3899 0 0 # scanned=175823 # found=3 # cleaned=0 # scan_time=2394 C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Users\Clemens\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3322fe52-3d879309 a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean) 00000000000000000000000000000000 I Von den komischen Toolbars hab ich noch nichts gehört, es ist von meiner Seite nichts mit Absicht heruntergeladen worden was das angeht :/ Was mir noch auffällt. Da es vorhin ja auch nicht ging bin ich immer noch im Gesicherten Modus, daher kann ich auch keine antivirensystem ausmachen, da sie ja gar nicht aktiv sind.^^ |
12.02.2012, 18:10 | #5 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem what to do now? |
12.02.2012, 18:11 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung Ihr Windowssystem...blockiert - Malware Problem Bei Programminstallation musst du auch immer die benutzerdefinierte Methode anklicken, damit du bei der Installation mögliche Toolbars abwählen kann! Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> Achtung Ihr Windowssystem...blockiert - Malware Problem |
12.02.2012, 18:17 | #7 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem gibt es programme die ich im gesicherten modus noch schließen kann/muss? meine Prozesse und Leisten zeigen nämlich keine aktiven Programme an die ich so einfach schließen könnte |
12.02.2012, 18:28 | #8 | ||
| Achtung Ihr Windowssystem...blockiert - Malware ProblemZitat:
Code:
ATTFilter OTL logfile created on: 12.02.2012 18:17:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Clemens\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,39% Memory free 8,00 Gb Paging File | 7,09 Gb Available in Paging File | 88,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 44,81 Gb Free Space | 22,94% Space Free | Partition Type: NTFS Drive D: | 37,47 Gb Total Space | 37,39 Gb Free Space | 99,76% Space Free | Partition Type: NTFS Computer Name: CLEMENS-PC | User Name: Clemens | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 17:28:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.02.12 15:39:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe ========== Modules (No Company Name) ========== MOD - [2012.02.12 17:28:58 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.01.30 10:57:04 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.07 03:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.01.22 15:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.08 18:48:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 21:49:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.08 18:48:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.08 18:48:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.04.19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2010.04.07 03:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.04.07 03:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.07 02:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.12.02 14:56:56 | 000,011,376 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 15 63 26 A8 EC CA 01 [binary data] IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.5&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 17:28:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.10 11:29:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.02 15:40:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.06 00:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions [2012.01.09 19:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions [2012.01.09 19:34:42 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.12 13:29:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.08 23:33:25 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-1.xml [2012.01.10 09:30:58 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-2.xml [2012.02.03 23:39:59 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-3.xml [2012.02.12 17:29:05 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-4.xml [2012.01.05 17:38:30 | 000,000,168 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.gif [2012.01.05 17:38:30 | 000,000,618 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.src [2010.09.12 22:24:08 | 000,001,056 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.xml [2012.01.08 17:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\CLEMENS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VL9YIXOQ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2012.02.12 17:28:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.01.10 09:30:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.10 09:30:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.10 09:30:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.10 09:30:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.10 09:30:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.10 09:30:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-413165363-107724912-2750158317-1000..\Run: [ffdwnd] C:\Users\Clemens\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak) O4 - HKU\S-1-5-21-413165363-107724912-2750158317-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clemens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clemens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E3F272D-DD0B-4B2E-BD03-6D284311FAA6}: DhcpNameServer = 212.23.97.3 212.23.97.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A174873-5109-4385-B3B6-ABE83B9E22C1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79800D7F-6F9D-4646-9DEF-ABF8CC547043}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4000b53e-e0b7-11e0-b62f-40618629d884}\Shell - "" = AutoRun O33 - MountPoints2\{4000b53e-e0b7-11e0-b62f-40618629d884}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{c104c58e-a0aa-11df-b2fb-40618629d884}\Shell - "" = AutoRun O33 - MountPoints2\{c104c58e-a0aa-11df-b2fb-40618629d884}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 16:44:11 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\ElevatedDiagnostics [2012.02.12 16:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.12 16:42:19 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Clemens\Desktop\esetsmartinstaller_enu.exe [2012.02.12 15:39:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe [2012.02.12 15:31:00 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\Malwarebytes [2012.02.12 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.12 15:30:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.12 15:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.12 15:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.12 15:30:12 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Clemens\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.10 11:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.02.01 09:07:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.02.01 09:05:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.01.21 15:47:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.01.17 15:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble [2012.01.17 15:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble ========== Files - Modified Within 30 Days ========== [2012.02.12 16:42:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Clemens\Desktop\esetsmartinstaller_enu.exe [2012.02.12 15:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.12 15:48:13 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2012.02.12 15:47:40 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 15:47:40 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 15:39:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Desktop\OTL.exe [2012.02.12 15:30:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 15:30:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Clemens\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.11 11:19:54 | 000,056,833 | ---- | M] () -- C:\Users\Clemens\Desktop\Konto_119039169-Auszug_2012_008_pdf.pdf [2012.02.10 22:25:53 | 001,506,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.10 22:25:53 | 000,656,766 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.10 22:25:53 | 000,618,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.10 22:25:53 | 000,131,236 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.10 22:25:53 | 000,107,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.10 11:29:40 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.02.01 12:18:41 | 000,444,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.02.12 15:30:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.11 11:19:52 | 000,056,833 | ---- | C] () -- C:\Users\Clemens\Desktop\Konto_119039169-Auszug_2012_008_pdf.pdf [2012.02.10 11:29:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.02.10 11:29:40 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.12.02 14:56:56 | 000,011,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS [2011.07.23 11:21:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.15 22:15:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.02 19:37:29 | 000,000,620 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\burnaware.ini [2010.07.06 18:12:03 | 000,033,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010.07.06 18:11:34 | 001,542,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.07.05 00:31:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2010.05.06 00:09:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.02 17:09:08 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2011.10.02 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\.minecraft [2011.05.14 09:03:05 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\DiskAid [2011.03.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.17 18:50:21 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\ICQ [2011.01.03 02:56:49 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\LolClient [2012.01.15 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Mumble [2011.10.06 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\pdfforge [2011.12.02 15:40:21 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Thunderbird [2011.08.18 01:24:15 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TS3Client [2012.01.31 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\uTorrent [2011.11.18 11:28:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.02 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\.minecraft [2010.05.13 12:52:26 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Adobe [2012.01.08 03:02:31 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Apple Computer [2010.05.06 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\ATI [2010.07.27 22:38:57 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Avira [2011.05.14 09:03:05 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\DiskAid [2010.10.18 15:23:12 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\dvdcss [2011.03.12 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.17 18:50:21 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\ICQ [2010.05.06 00:00:54 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Identities [2011.01.03 02:56:49 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\LolClient [2010.05.10 20:39:44 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Macromedia [2012.02.12 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Media Center Programs [2011.07.23 11:25:52 | 000,000,000 | --SD | M] -- C:\Users\Clemens\AppData\Roaming\Microsoft [2010.05.06 00:16:10 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Mozilla [2012.01.15 09:10:51 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Mumble [2011.10.06 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\pdfforge [2011.11.20 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Skype [2011.11.20 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\skypePM [2011.12.02 15:40:21 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Thunderbird [2011.08.18 01:24:15 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TS3Client [2012.01.31 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\uTorrent [2010.05.22 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Ventrilo [2012.02.03 02:17:11 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\vlc [2010.06.08 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.06.20 13:27:25 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Clemens\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2008.12.02 07:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI.exe [2008.12.01 12:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI32.exe [2008.12.01 12:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\UninstallMSI64.exe [2008.12.24 06:18:30 | 000,831,488 | R--- | M] () -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\USBAutoRun.exe [2008.06.09 03:38:28 | 000,139,264 | R--- | M] () -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutorunService.exe [2008.06.09 03:37:52 | 000,126,976 | R--- | M] () -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGAutoRunSvcTerminate.exe [2009.01.27 07:28:16 | 003,817,737 | R--- | M] (Vodafone, support@vodafone.com) -- C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Templates\G\tools\VTP V2.3.20.2500 Compressed Embedded Setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > nur für den Fall der Fälle Zitat:
Code:
ATTFilter OTL Extras logfile created on: 12.02.2012 18:17:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Clemens\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,39% Memory free 8,00 Gb Paging File | 7,09 Gb Available in Paging File | 88,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 44,81 Gb Free Space | 22,94% Space Free | Partition Type: NTFS Drive D: | 37,47 Gb Total Space | 37,39 Gb Free Space | 99,76% Space Free | Partition Type: NTFS Computer Name: CLEMENS-PC | User Name: Clemens | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64 "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista "{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common "{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English "{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light "{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.3.3 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static "{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "BurnAware Free_is1" = BurnAware Free 3.0.2 "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Giraffic" = Veoh Giraffic Video Accelerator "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "Mumble" = Mumble and Murmur "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 1.1.4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.08.2011 21:04:58 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 10.08.2011 21:04:58 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.08.2011 00:03:17 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.08.2011 00:03:17 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.08.2011 00:05:17 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\system32\conhost.exe". Die abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 19.08.2011 20:00:53 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Clemens\Desktop\SoftonicDownloader_fuer_free-alarm-clock.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 19.08.2011 20:00:55 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Clemens\Desktop\SoftonicDownloader_fuer_free-alarm-clock.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 19.08.2011 20:00:57 | Computer Name = Clemens-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Clemens\Desktop\SoftonicDownloader_fuer_free-alarm-clock.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 09.10.2011 05:51:59 | Computer Name = Clemens-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 614 Startzeit: 01cc8655a4034fa1 Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: Error - 17.11.2011 19:01:21 | Computer Name = Clemens-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610, Zeitstempel: 0x4c00573a Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600, Zeitstempel: 0x4ca30e16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000121da ID des fehlerhaften Prozesses: 0xf8c Startzeit der fehlerhaften Anwendung: 0x01cca57bdbc51c4a Pfad der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.101\deploy\LolClient.exe Pfad des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.101\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll Berichtskennung: 107328a6-1170-11e1-8edb-001c4af1ecae [ Media Center Events ] Error - 06.07.2010 13:20:26 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 19:20:19 - Fehler beim Herstellen der Internetverbindung. 19:20:19 - Serververbindung konnte nicht hergestellt werden.. Error - 06.07.2010 16:51:25 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 22:51:25 - Fehler beim Herstellen der Internetverbindung. 22:51:25 - Serververbindung konnte nicht hergestellt werden.. Error - 06.07.2010 16:51:35 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 22:51:30 - Fehler beim Herstellen der Internetverbindung. 22:51:30 - Serververbindung konnte nicht hergestellt werden.. Error - 06.07.2010 17:51:55 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 23:51:55 - Fehler beim Herstellen der Internetverbindung. 23:51:55 - Serververbindung konnte nicht hergestellt werden.. Error - 06.07.2010 17:52:02 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 23:52:00 - Fehler beim Herstellen der Internetverbindung. 23:52:00 - Serververbindung konnte nicht hergestellt werden.. Error - 09.12.2010 20:26:03 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 01:26:02 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 17.01.2011 20:36:45 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 01:36:45 - Fehler beim Herstellen der Internetverbindung. 01:36:45 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2011 20:37:17 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 01:37:14 - Fehler beim Herstellen der Internetverbindung. 01:37:14 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2011 21:37:59 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 02:37:59 - Fehler beim Herstellen der Internetverbindung. 02:37:59 - Serververbindung konnte nicht hergestellt werden.. Error - 17.01.2011 21:38:29 | Computer Name = Clemens-PC | Source = MCUpdate | ID = 0 Description = 02:38:28 - Fehler beim Herstellen der Internetverbindung. 02:38:28 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 12.02.2012 10:48:29 | Computer Name = Clemens-PC | Source = DCOM | ID = 10005 Description = Error - 12.02.2012 10:48:32 | Computer Name = Clemens-PC | Source = DCOM | ID = 10005 Description = Error - 12.02.2012 10:48:32 | Computer Name = Clemens-PC | Source = DCOM | ID = 10005 Description = Error - 12.02.2012 10:48:31 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12.02.2012 10:48:31 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12.02.2012 10:48:31 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12.02.2012 10:48:32 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12.02.2012 10:48:33 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12.02.2012 10:48:33 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 12.02.2012 10:48:33 | Computer Name = Clemens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Ich hoffe man kann damit weiterarbeiten Danke im Vorraus Arne! |
12.02.2012, 18:49 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung Ihr Windowssystem...blockiert - Malware Problem Funktioniert der normale Modus noch nicht?
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2012, 18:55 | #10 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem Nein. Windows startet aber bevor das Desktop bzw der Explorer überhaupt laden kann schaltet sich wieder die Virusmeldung dazwischen...sprich es springt von dem blauen Windows Ladebildschirm direkt auf die Virusmeldung |
12.02.2012, 19:17 | #11 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem woran unterscheidet sich das ob man nun einen otl fix oder diese anderen combofix kasperky etc. nimmt, sind das soviele versch. qullen für denselben virus? |
12.02.2012, 19:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung Ihr Windowssystem...blockiert - Malware Problem Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 15 63 26 A8 EC CA 01 [binary data] IE - HKU\S-1-5-21-413165363-107724912-2750158317-1000\..\URLSearchHook: - No CLSID value found FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.5&q=" [2012.01.09 19:34:42 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.12 13:29:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.08 23:33:25 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-1.xml [2012.01.10 09:30:58 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-2.xml [2012.02.03 23:39:59 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-3.xml [2012.02.12 17:29:05 | 000,000,950 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-4.xml [2012.01.05 17:38:30 | 000,000,168 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.gif [2012.01.05 17:38:30 | 000,000,618 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.src [2010.09.12 22:24:08 | 000,001,056 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.xml O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O4 - HKU\S-1-5-21-413165363-107724912-2750158317-1000..\Run: [ffdwnd] C:\Users\Clemens\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4000b53e-e0b7-11e0-b62f-40618629d884}\Shell - "" = AutoRun O33 - MountPoints2\{4000b53e-e0b7-11e0-b62f-40618629d884}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{c104c58e-a0aa-11df-b2fb-40618629d884}\Shell - "" = AutoRun O33 - MountPoints2\{c104c58e-a0aa-11df-b2fb-40618629d884}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe :Files C:\Users\Clemens\AppData\Roaming\pdfforge :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2012, 19:36 | #13 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem so der rechner hat sich nun neugestartet und den normalen modus "wiederhergestellt". befinde mich also momentan in jenem. hab noch nicht viel getan aber der virus springt erstmal nicht an. hier die OTL fix log Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-413165363-107724912-2750158317-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-413165363-107724912-2750158317-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.5&q=" removed from keyword.URL C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\vl9yixoq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-1.xml moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-2.xml moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-3.xml moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin-4.xml moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.gif moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.src moved successfully. C:\Users\Clemens\AppData\Roaming\Mozilla\Firefox\Profiles\vl9yixoq.default\searchplugins\icqplugin.xml moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_USERS\S-1-5-21-413165363-107724912-2750158317-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully. C:\Users\Clemens\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4000b53e-e0b7-11e0-b62f-40618629d884}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4000b53e-e0b7-11e0-b62f-40618629d884}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4000b53e-e0b7-11e0-b62f-40618629d884}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4000b53e-e0b7-11e0-b62f-40618629d884}\ not found. File G:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c104c58e-a0aa-11df-b2fb-40618629d884}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c104c58e-a0aa-11df-b2fb-40618629d884}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c104c58e-a0aa-11df-b2fb-40618629d884}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c104c58e-a0aa-11df-b2fb-40618629d884}\ not found. File G:\USBAutoRun.exe not found. ========== FILES ========== C:\Users\Clemens\AppData\Roaming\pdfforge\Images2PDF folder moved successfully. C:\Users\Clemens\AppData\Roaming\pdfforge folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Clemens ->Temp folder emptied: 9243138 bytes ->Temporary Internet Files folder emptied: 75473552 bytes ->Java cache emptied: 1731144 bytes ->FireFox cache emptied: 884621036 bytes ->Flash cache emptied: 117061576 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 761281266 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.764,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02122012_192902 Files\Folders moved on Reboot... C:\Users\Clemens\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Vielen Vielen Dank an dieser Stelle. GIbt es nun eine Möglichtkeit sicherzugehen. dass der Rechner auch sauber ist? Und welches kostenfrei antivirentool sollte ich installieren um möglichst gut geschützt zu sein? |
12.02.2012, 20:31 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Achtung Ihr Windowssystem...blockiert - Malware Problem Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2012, 21:40 | #15 |
| Achtung Ihr Windowssystem...blockiert - Malware Problem Also auf meine Dateien kann ich soweit komplett zugreifen und ich vermisse auch momentan keine Verknüpfungen. Hier aber das Log von Kasperky, es gab eine Meldung die ich aber wie befohlen mit "skip" behandelt habe. Code:
ATTFilter 21:32:30.0666 3372 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57 21:32:30.0812 3372 ============================================================ 21:32:30.0812 3372 Current date / time: 2012/02/12 21:32:30.0812 21:32:30.0812 3372 SystemInfo: 21:32:30.0812 3372 21:32:30.0812 3372 OS Version: 6.1.7601 ServicePack: 1.0 21:32:30.0812 3372 Product type: Workstation 21:32:30.0812 3372 ComputerName: CLEMENS-PC 21:32:30.0812 3372 UserName: Clemens 21:32:30.0812 3372 Windows directory: C:\Windows 21:32:30.0812 3372 System windows directory: C:\Windows 21:32:30.0812 3372 Running under WOW64 21:32:30.0812 3372 Processor architecture: Intel x64 21:32:30.0812 3372 Number of processors: 4 21:32:30.0812 3372 Page size: 0x1000 21:32:30.0812 3372 Boot type: Normal boot 21:32:30.0812 3372 ============================================================ 21:32:31.0554 3372 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:32:31.0557 3372 \Device\Harddisk0\DR0: 21:32:31.0557 3372 MBR used 21:32:31.0557 3372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:32:31.0557 3372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4AF3000 21:32:31.0557 3372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4B25800, BlocksNum 0x1869F800 21:32:31.0573 3372 Initialize success 21:32:31.0573 3372 ============================================================ 21:33:21.0890 3048 ============================================================ 21:33:21.0890 3048 Scan started 21:33:21.0890 3048 Mode: Manual; SigCheck; TDLFS; 21:33:21.0890 3048 ============================================================ 21:33:22.0463 3048 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:33:22.0566 3048 1394ohci - ok 21:33:22.0614 3048 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:33:22.0623 3048 ACPI - ok 21:33:22.0662 3048 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:33:22.0719 3048 AcpiPmi - ok 21:33:22.0768 3048 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:33:22.0785 3048 adp94xx - ok 21:33:22.0802 3048 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:33:22.0816 3048 adpahci - ok 21:33:22.0836 3048 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:33:22.0848 3048 adpu320 - ok 21:33:22.0898 3048 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 21:33:22.0953 3048 AFD - ok 21:33:23.0000 3048 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:33:23.0009 3048 agp440 - ok 21:33:23.0056 3048 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:33:23.0064 3048 aliide - ok 21:33:23.0122 3048 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:33:23.0130 3048 amdide - ok 21:33:23.0148 3048 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:33:23.0203 3048 AmdK8 - ok 21:33:23.0316 3048 amdkmdag (cc0b8b1912967d429c4a2d2bd7a9e52d) C:\Windows\system32\DRIVERS\atikmdag.sys 21:33:23.0448 3048 amdkmdag - ok 21:33:23.0560 3048 amdkmdap (b855c99c23a57edeca29f49a3210b95c) C:\Windows\system32\DRIVERS\atikmpag.sys 21:33:23.0598 3048 amdkmdap - ok 21:33:23.0633 3048 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:33:23.0668 3048 AmdPPM - ok 21:33:23.0717 3048 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:33:23.0727 3048 amdsata - ok 21:33:23.0738 3048 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:33:23.0750 3048 amdsbs - ok 21:33:23.0766 3048 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:33:23.0774 3048 amdxata - ok 21:33:23.0842 3048 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:33:23.0922 3048 AppID - ok 21:33:23.0954 3048 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:33:23.0965 3048 arc - ok 21:33:23.0979 3048 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:33:23.0989 3048 arcsas - ok 21:33:24.0009 3048 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:33:24.0091 3048 AsyncMac - ok 21:33:24.0125 3048 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:33:24.0130 3048 atapi - ok 21:33:24.0185 3048 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys 21:33:24.0223 3048 AtiHdmiService - ok 21:33:24.0335 3048 atikmdag (cc0b8b1912967d429c4a2d2bd7a9e52d) C:\Windows\system32\DRIVERS\atikmdag.sys 21:33:24.0392 3048 atikmdag - ok 21:33:24.0432 3048 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 21:33:24.0441 3048 avgntflt - ok 21:33:24.0473 3048 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 21:33:24.0483 3048 avipbb - ok 21:33:24.0524 3048 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys 21:33:24.0532 3048 avmeject - ok 21:33:24.0574 3048 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:33:24.0617 3048 b06bdrv - ok 21:33:24.0643 3048 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:33:24.0690 3048 b57nd60a - ok 21:33:24.0714 3048 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:33:24.0766 3048 Beep - ok 21:33:24.0807 3048 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:33:24.0826 3048 blbdrive - ok 21:33:24.0896 3048 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:33:24.0939 3048 bowser - ok 21:33:24.0954 3048 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:33:25.0020 3048 BrFiltLo - ok 21:33:25.0026 3048 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:33:25.0036 3048 BrFiltUp - ok 21:33:25.0056 3048 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:33:25.0094 3048 Brserid - ok 21:33:25.0110 3048 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:33:25.0132 3048 BrSerWdm - ok 21:33:25.0142 3048 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:33:25.0157 3048 BrUsbMdm - ok 21:33:25.0168 3048 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:33:25.0186 3048 BrUsbSer - ok 21:33:25.0205 3048 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:33:25.0223 3048 BTHMODEM - ok 21:33:25.0244 3048 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:33:25.0269 3048 cdfs - ok 21:33:25.0329 3048 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:33:25.0367 3048 cdrom - ok 21:33:25.0401 3048 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:33:25.0431 3048 circlass - ok 21:33:25.0462 3048 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:33:25.0473 3048 CLFS - ok 21:33:25.0528 3048 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:33:25.0550 3048 CmBatt - ok 21:33:25.0583 3048 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 21:33:25.0591 3048 cmdide - ok 21:33:25.0632 3048 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 21:33:25.0659 3048 CNG - ok 21:33:25.0676 3048 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:33:25.0684 3048 Compbatt - ok 21:33:25.0705 3048 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:33:25.0751 3048 CompositeBus - ok 21:33:25.0766 3048 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:33:25.0775 3048 crcdisk - ok 21:33:25.0837 3048 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:33:25.0866 3048 DfsC - ok 21:33:25.0892 3048 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:33:25.0920 3048 discache - ok 21:33:25.0942 3048 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:33:25.0951 3048 Disk - ok 21:33:25.0994 3048 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:33:26.0016 3048 drmkaud - ok 21:33:26.0077 3048 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:33:26.0100 3048 DXGKrnl - ok 21:33:26.0162 3048 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:33:26.0241 3048 ebdrv - ok 21:33:26.0297 3048 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:33:26.0313 3048 elxstor - ok 21:33:26.0350 3048 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:33:26.0367 3048 ErrDev - ok 21:33:26.0389 3048 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:33:26.0428 3048 exfat - ok 21:33:26.0446 3048 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:33:26.0486 3048 fastfat - ok 21:33:26.0506 3048 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:33:26.0551 3048 fdc - ok 21:33:26.0566 3048 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:33:26.0576 3048 FileInfo - ok 21:33:26.0584 3048 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:33:26.0618 3048 Filetrace - ok 21:33:26.0636 3048 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:33:26.0653 3048 flpydisk - ok 21:33:26.0688 3048 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:33:26.0702 3048 FltMgr - ok 21:33:26.0732 3048 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:33:26.0741 3048 FsDepends - ok 21:33:26.0755 3048 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:33:26.0763 3048 Fs_Rec - ok 21:33:26.0808 3048 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:33:26.0824 3048 fvevol - ok 21:33:26.0867 3048 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 21:33:26.0904 3048 FWLANUSB - ok 21:33:26.0929 3048 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:33:26.0938 3048 gagp30kx - ok 21:33:26.0999 3048 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:33:27.0005 3048 GEARAspiWDM - ok 21:33:27.0076 3048 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 21:33:27.0083 3048 hamachi - ok 21:33:27.0100 3048 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:33:27.0167 3048 hcw85cir - ok 21:33:27.0216 3048 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:33:27.0252 3048 HdAudAddService - ok 21:33:27.0287 3048 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 21:33:27.0308 3048 HDAudBus - ok 21:33:27.0334 3048 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:33:27.0352 3048 HidBatt - ok 21:33:27.0371 3048 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:33:27.0405 3048 HidBth - ok 21:33:27.0422 3048 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:33:27.0447 3048 HidIr - ok 21:33:27.0480 3048 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys 21:33:27.0501 3048 HidUsb - ok 21:33:27.0539 3048 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:33:27.0549 3048 HpSAMD - ok 21:33:27.0615 3048 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:33:27.0660 3048 HTTP - ok 21:33:27.0693 3048 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:33:27.0701 3048 hwpolicy - ok 21:33:27.0743 3048 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 21:33:27.0755 3048 i8042prt - ok 21:33:27.0805 3048 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:33:27.0820 3048 iaStorV - ok 21:33:27.0844 3048 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:33:27.0853 3048 iirsp - ok 21:33:27.0895 3048 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:33:27.0903 3048 intelide - ok 21:33:27.0914 3048 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:33:27.0938 3048 intelppm - ok 21:33:27.0990 3048 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:33:28.0033 3048 IpFilterDriver - ok 21:33:28.0065 3048 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:33:28.0076 3048 IPMIDRV - ok 21:33:28.0103 3048 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:33:28.0139 3048 IPNAT - ok 21:33:28.0175 3048 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:33:28.0222 3048 IRENUM - ok 21:33:28.0255 3048 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:33:28.0263 3048 isapnp - ok 21:33:28.0286 3048 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:33:28.0300 3048 iScsiPrt - ok 21:33:28.0343 3048 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 21:33:28.0352 3048 kbdclass - ok 21:33:28.0372 3048 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 21:33:28.0382 3048 kbdhid - ok 21:33:28.0416 3048 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 21:33:28.0423 3048 KMWDFILTER - ok 21:33:28.0464 3048 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 21:33:28.0474 3048 KSecDD - ok 21:33:28.0490 3048 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 21:33:28.0501 3048 KSecPkg - ok 21:33:28.0512 3048 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:33:28.0548 3048 ksthunk - ok 21:33:28.0594 3048 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:33:28.0619 3048 lltdio - ok 21:33:28.0649 3048 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:33:28.0659 3048 LSI_FC - ok 21:33:28.0671 3048 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:33:28.0681 3048 LSI_SAS - ok 21:33:28.0699 3048 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:33:28.0708 3048 LSI_SAS2 - ok 21:33:28.0723 3048 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:33:28.0733 3048 LSI_SCSI - ok 21:33:28.0753 3048 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:33:28.0791 3048 luafv - ok 21:33:28.0851 3048 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 21:33:28.0858 3048 MBAMProtector - ok 21:33:28.0874 3048 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:33:28.0882 3048 megasas - ok 21:33:28.0905 3048 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:33:28.0918 3048 MegaSR - ok 21:33:28.0944 3048 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:33:28.0977 3048 Modem - ok 21:33:28.0997 3048 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:33:29.0011 3048 monitor - ok 21:33:29.0060 3048 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 21:33:29.0069 3048 mouclass - ok 21:33:29.0094 3048 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:33:29.0115 3048 mouhid - ok 21:33:29.0153 3048 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:33:29.0163 3048 mountmgr - ok 21:33:29.0205 3048 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:33:29.0217 3048 mpio - ok 21:33:29.0230 3048 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:33:29.0274 3048 mpsdrv - ok 21:33:29.0299 3048 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:33:29.0339 3048 MRxDAV - ok 21:33:29.0372 3048 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:33:29.0425 3048 mrxsmb - ok 21:33:29.0469 3048 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:33:29.0501 3048 mrxsmb10 - ok 21:33:29.0525 3048 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:33:29.0536 3048 mrxsmb20 - ok 21:33:29.0573 3048 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:33:29.0581 3048 msahci - ok 21:33:29.0597 3048 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:33:29.0609 3048 msdsm - ok 21:33:29.0628 3048 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:33:29.0652 3048 Msfs - ok 21:33:29.0676 3048 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:33:29.0704 3048 mshidkmdf - ok 21:33:29.0745 3048 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:33:29.0753 3048 msisadrv - ok 21:33:29.0794 3048 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:33:29.0822 3048 MSKSSRV - ok 21:33:29.0840 3048 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:33:29.0863 3048 MSPCLOCK - ok 21:33:29.0877 3048 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:33:29.0932 3048 MSPQM - ok 21:33:29.0975 3048 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:33:29.0989 3048 MsRPC - ok 21:33:30.0030 3048 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:33:30.0035 3048 mssmbios - ok 21:33:30.0053 3048 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:33:30.0087 3048 MSTEE - ok 21:33:30.0097 3048 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:33:30.0141 3048 MTConfig - ok 21:33:30.0175 3048 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:33:30.0184 3048 Mup - ok 21:33:30.0219 3048 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:33:30.0243 3048 NativeWifiP - ok 21:33:30.0300 3048 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:33:30.0317 3048 NDIS - ok 21:33:30.0343 3048 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:33:30.0368 3048 NdisCap - ok 21:33:30.0392 3048 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:33:30.0426 3048 NdisTapi - ok 21:33:30.0455 3048 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:33:30.0479 3048 Ndisuio - ok 21:33:30.0517 3048 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:33:30.0555 3048 NdisWan - ok 21:33:30.0594 3048 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:33:30.0630 3048 NDProxy - ok 21:33:30.0696 3048 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys 21:33:30.0706 3048 Netaapl ( UnsignedFile.Multi.Generic ) - warning 21:33:30.0706 3048 Netaapl - detected UnsignedFile.Multi.Generic (1) 21:33:30.0718 3048 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:33:30.0748 3048 NetBIOS - ok 21:33:30.0785 3048 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:33:30.0823 3048 NetBT - ok 21:33:30.0867 3048 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:33:30.0876 3048 nfrd960 - ok 21:33:30.0897 3048 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:33:30.0929 3048 Npfs - ok 21:33:30.0944 3048 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:33:30.0973 3048 nsiproxy - ok 21:33:31.0029 3048 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:33:31.0065 3048 Ntfs - ok 21:33:31.0078 3048 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:33:31.0126 3048 Null - ok 21:33:31.0316 3048 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:33:31.0499 3048 nvlddmkm - ok 21:33:31.0601 3048 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:33:31.0612 3048 nvraid - ok 21:33:31.0633 3048 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:33:31.0644 3048 nvstor - ok 21:33:31.0697 3048 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:33:31.0708 3048 nv_agp - ok 21:33:31.0747 3048 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:33:31.0769 3048 ohci1394 - ok 21:33:31.0824 3048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:33:31.0835 3048 Parport - ok 21:33:31.0865 3048 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 21:33:31.0875 3048 partmgr - ok 21:33:31.0913 3048 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:33:31.0920 3048 pci - ok 21:33:31.0956 3048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:33:31.0964 3048 pciide - ok 21:33:31.0988 3048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:33:32.0002 3048 pcmcia - ok 21:33:32.0022 3048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:33:32.0031 3048 pcw - ok 21:33:32.0050 3048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:33:32.0091 3048 PEAUTH - ok 21:33:32.0168 3048 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:33:32.0200 3048 PptpMiniport - ok 21:33:32.0218 3048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:33:32.0235 3048 Processor - ok 21:33:32.0284 3048 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:33:32.0317 3048 Psched - ok 21:33:32.0347 3048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:33:32.0378 3048 ql2300 - ok 21:33:32.0393 3048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:33:32.0405 3048 ql40xx - ok 21:33:32.0421 3048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:33:32.0450 3048 QWAVEdrv - ok 21:33:32.0467 3048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:33:32.0491 3048 RasAcd - ok 21:33:32.0510 3048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:33:32.0535 3048 RasAgileVpn - ok 21:33:32.0572 3048 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:33:32.0607 3048 Rasl2tp - ok 21:33:32.0638 3048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:33:32.0676 3048 RasPppoe - ok 21:33:32.0689 3048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:33:32.0715 3048 RasSstp - ok 21:33:32.0755 3048 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:33:32.0785 3048 rdbss - ok 21:33:32.0800 3048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:33:32.0818 3048 rdpbus - ok 21:33:32.0833 3048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:33:32.0865 3048 RDPCDD - ok 21:33:32.0882 3048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:33:32.0908 3048 RDPENCDD - ok 21:33:32.0922 3048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:33:32.0946 3048 RDPREFMP - ok 21:33:32.0984 3048 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 21:33:33.0010 3048 RDPWD - ok 21:33:33.0044 3048 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:33:33.0057 3048 rdyboost - ok 21:33:33.0093 3048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:33:33.0131 3048 rspndr - ok 21:33:33.0189 3048 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:33:33.0203 3048 RTL8167 - ok 21:33:33.0245 3048 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:33:33.0255 3048 sbp2port - ok 21:33:33.0294 3048 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:33:33.0318 3048 scfilter - ok 21:33:33.0362 3048 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS 21:33:33.0396 3048 SecDrv - ok 21:33:33.0424 3048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:33:33.0434 3048 Serenum - ok 21:33:33.0447 3048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:33:33.0473 3048 Serial - ok 21:33:33.0504 3048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:33:33.0514 3048 sermouse - ok 21:33:33.0532 3048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:33:33.0573 3048 sffdisk - ok 21:33:33.0591 3048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:33:33.0607 3048 sffp_mmc - ok 21:33:33.0622 3048 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:33:33.0645 3048 sffp_sd - ok 21:33:33.0655 3048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:33:33.0682 3048 sfloppy - ok 21:33:33.0714 3048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:33:33.0723 3048 SiSRaid2 - ok 21:33:33.0738 3048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:33:33.0748 3048 SiSRaid4 - ok 21:33:33.0776 3048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:33:33.0810 3048 Smb - ok 21:33:33.0849 3048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:33:33.0857 3048 spldr - ok 21:33:33.0903 3048 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:33:33.0960 3048 srv - ok 21:33:33.0979 3048 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:33:34.0001 3048 srv2 - ok 21:33:34.0017 3048 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:33:34.0037 3048 srvnet - ok 21:33:34.0065 3048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:33:34.0074 3048 stexstor - ok 21:33:34.0114 3048 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 21:33:34.0132 3048 StillCam - ok 21:33:34.0184 3048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:33:34.0192 3048 swenum - ok 21:33:34.0260 3048 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 21:33:34.0303 3048 Tcpip - ok 21:33:34.0329 3048 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 21:33:34.0353 3048 TCPIP6 - ok 21:33:34.0396 3048 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:33:34.0437 3048 tcpipreg - ok 21:33:34.0457 3048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:33:34.0481 3048 TDPIPE - ok 21:33:34.0492 3048 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:33:34.0524 3048 TDTCP - ok 21:33:34.0560 3048 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:33:34.0591 3048 tdx - ok 21:33:34.0622 3048 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:33:34.0632 3048 TermDD - ok 21:33:34.0679 3048 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:33:34.0709 3048 tssecsrv - ok 21:33:34.0769 3048 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:33:34.0801 3048 TsUsbFlt - ok 21:33:34.0843 3048 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:33:34.0869 3048 tunnel - ok 21:33:34.0885 3048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:33:34.0895 3048 uagp35 - ok 21:33:34.0936 3048 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:33:34.0976 3048 udfs - ok 21:33:35.0036 3048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:33:35.0045 3048 uliagpkx - ok 21:33:35.0097 3048 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 21:33:35.0120 3048 umbus - ok 21:33:35.0140 3048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:33:35.0156 3048 UmPass - ok 21:33:35.0221 3048 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 21:33:35.0258 3048 USBAAPL64 - ok 21:33:35.0269 3048 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:33:35.0296 3048 usbccgp - ok 21:33:35.0343 3048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:33:35.0372 3048 usbcir - ok 21:33:35.0391 3048 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 21:33:35.0411 3048 usbehci - ok 21:33:35.0435 3048 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:33:35.0460 3048 usbhub - ok 21:33:35.0478 3048 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 21:33:35.0494 3048 usbohci - ok 21:33:35.0517 3048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:33:35.0534 3048 usbprint - ok 21:33:35.0572 3048 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:33:35.0628 3048 USBSTOR - ok 21:33:35.0641 3048 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:33:35.0658 3048 usbuhci - ok 21:33:35.0709 3048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:33:35.0718 3048 vdrvroot - ok 21:33:35.0746 3048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:33:35.0756 3048 vga - ok 21:33:35.0772 3048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:33:35.0806 3048 VgaSave - ok 21:33:35.0840 3048 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:33:35.0853 3048 vhdmp - ok 21:33:35.0887 3048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:33:35.0895 3048 viaide - ok 21:33:35.0926 3048 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:33:35.0935 3048 volmgr - ok 21:33:35.0976 3048 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:33:35.0992 3048 volmgrx - ok 21:33:36.0006 3048 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:33:36.0020 3048 volsnap - ok 21:33:36.0041 3048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:33:36.0052 3048 vsmraid - ok 21:33:36.0067 3048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:33:36.0084 3048 vwifibus - ok 21:33:36.0106 3048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:33:36.0127 3048 WacomPen - ok 21:33:36.0153 3048 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:33:36.0188 3048 WANARP - ok 21:33:36.0200 3048 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:33:36.0221 3048 Wanarpv6 - ok 21:33:36.0246 3048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:33:36.0255 3048 Wd - ok 21:33:36.0276 3048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:33:36.0296 3048 Wdf01000 - ok 21:33:36.0333 3048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:33:36.0357 3048 WfpLwf - ok 21:33:36.0370 3048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:33:36.0378 3048 WIMMount - ok 21:33:36.0452 3048 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS 21:33:36.0470 3048 WinUsb - ok 21:33:36.0509 3048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:33:36.0516 3048 WmiAcpi - ok 21:33:36.0557 3048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:33:36.0588 3048 ws2ifsl - ok 21:33:36.0635 3048 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:33:36.0665 3048 WudfPf - ok 21:33:36.0693 3048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:33:36.0725 3048 WUDFRd - ok 21:33:36.0756 3048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:33:36.0861 3048 \Device\Harddisk0\DR0 - ok 21:33:36.0863 3048 Boot (0x1200) (ce704f3fbe5ef883858fc2756e49db81) \Device\Harddisk0\DR0\Partition0 21:33:36.0864 3048 \Device\Harddisk0\DR0\Partition0 - ok 21:33:36.0891 3048 Boot (0x1200) (76a2316858a47b2d12182c37e260cb2f) \Device\Harddisk0\DR0\Partition1 21:33:36.0891 3048 \Device\Harddisk0\DR0\Partition1 - ok 21:33:36.0902 3048 Boot (0x1200) (4b7dc21ce159f26e7b074bf76af19395) \Device\Harddisk0\DR0\Partition2 21:33:36.0902 3048 \Device\Harddisk0\DR0\Partition2 - ok 21:33:36.0902 3048 ============================================================ 21:33:36.0902 3048 Scan finished 21:33:36.0902 3048 ============================================================ 21:33:36.0910 4744 Detected object count: 1 21:33:36.0910 4744 Actual detected object count: 1 21:38:01.0752 4744 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user 21:38:01.0752 4744 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Themen zu Achtung Ihr Windowssystem...blockiert - Malware Problem |
64-bit, administrator, anti-malware, appdata, autostart, code, datei gelöscht, dateien, dateisystem, exploit.drop.cfg, explorer, fix, funktioniert, gelöscht, gen, gesicherter modus, heuristiks/extra, heuristiks/shuriken, infizierte, laptop, log, malware, malwarebytes, ms0cfg32.exe, nicht mehr, problem, programme, rechner, seite, temp, trick, viren, windows, windows 7 64-bit |