Log analysis and evaluation: The 50€ virus is blocking my user account (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.02.2012, 13:51 | #1 |
Hi there, on my computer, but only for one user account, a prompt appears as soon as you log in demanding a payment of 50 euros for an update because the computer is supposedly infested with too many harmful files, etc. I have now read here on the board that I should run Malwarebytes and post the log here, so here it is:
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.13.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Juergen :: COOLEKISTE [Administrator]

13.02.2012 16:05:46
mbam-log-2012-02-13 (16-05-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442192
Laufzeit: 2 Stunde(n), 22 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\fheydbueyj.exe (Trojan.SpyEyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\Traktorfahrer\Downloads\SetupCasino_f80b39.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Traktorfahrer\AppData\Local\Temp\0.20737227708907058.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Traktorfahrer\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Many thanks in advance!
15.02.2012, 19:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, then leave ESET out for now. Does normal mode at least work again?
15.02.2012, 22:11 | #3 |
Good evening,
No, unfortunately it doesn't work. But only the one user account is affected; would it perhaps help to simply delete the user and create it again? I can get at all the important data from other user accounts anyway, in order to back it up. Regards
15.02.2012, 22:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Don't you have another user account with admin rights? If so, try the ESET scan from that one. If that doesn't work, make a new OTL log in normal mode with this other admin user. Please make a new OTL log. If at all possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags
15.02.2012, 23:02 | #5 |
Well, thanks a lot for the answers so far! Funnily enough, my G Data TotalCare program has now offered, of its own accord, to delete a trojan... after I did that, it finally works again. Strange, actually, that the program only detects the trojan a day later? Yesterday I had already run a PC scan with the program as well, but nothing came of it. Well, I'm simply happy about this surprise from the program and thank you once again for the help! Regards
15.02.2012, 23:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Make the OTL log as described above!
16.02.2012, 16:50 | #7 |
Here it is: Code:
ATTFilter OTL logfile created on: 16.02.2012 16:06:45 - Run 1 OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Traktorfahrer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 46,67% Memory free 3,74 Gb Paging File | 2,54 Gb Available in Paging File | 67,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 677,54 Gb Total Space | 516,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 13,93 Gb Free Space | 69,63% Space Free | Partition Type: NTFS Computer Name: COOLEKISTE | User Name: Juergen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.16 16:01:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Traktorfahrer\Desktop\OTL.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2011.09.07 12:46:01 | 001,506,312 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011.08.17 14:00:08 | 000,448,008 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe PRC - [2011.08.17 14:00:04 | 001,620,488 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe PRC - [2011.08.17 14:00:02 | 001,011,208 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe PRC - 
[2011.08.17 14:00:02 | 000,464,392 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe PRC - [2011.08.10 13:20:30 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe PRC - [2011.07.28 02:12:22 | 001,454,304 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe PRC - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.10.27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.04.09 15:20:02 | 030,127,360 | ---- | M] (D-Link Corp.) 
-- C:\Programme\D-Link\DWA-547 revA\wirelesscm.exe PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.08.25 10:29:52 | 000,225,280 | ---- | M] (Funkwerk Enterprise Communications GmbH) -- C:\Programme\funkwerk WIN-Tools\Eumex 401 WIN-Tools V1.00\ControlCenter.exe PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.07.04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.03.09 16:18:44 | 000,204,800 | ---- | M] () -- C:\Programme\D-Link\DWA-547 revA\WLanWps.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.09.07 12:46:01 | 
001,506,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.09.07 02:09:46 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2011.08.17 14:00:08 | 000,448,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.08.17 14:00:02 | 000,464,392 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\TotalCare\AVK\AVKService.exe -- (AVKService) SRV - [2011.08.10 13:20:30 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2011.07.28 02:43:48 | 001,070,072 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2011.07.28 02:12:22 | 001,454,304 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2011.05.26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.03.19 09:13:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.09.26 18:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\D-Link\DWA-547 revA\jswpsapi.exe -- (jswpsapi) ========== Driver Services (SafeList) ========== DRV - [2011.11.10 20:25:37 | 000,030,416 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2011.10.18 17:16:27 | 000,079,608 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2011.10.18 17:16:27 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2011.10.12 14:57:07 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2011.10.12 14:56:19 | 000,040,312 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2011.10.12 14:56:16 | 000,029,560 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon) DRV - [2011.10.12 14:56:15 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2011.07.13 13:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NBVol.sys -- (NBVol) DRV - [2011.07.13 13:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- 
C:\Windows\system32\DRIVERS\NBVolUp.sys -- (NBVolUp) DRV - [2010.01.08 02:09:14 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2008.12.29 13:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.15 02:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008.02.13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/de IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.directbox.com/ IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/de IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.surfstartseite.de IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.08.04 15:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\Extensions [2011.08.04 15:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juergen\AppData\Roaming\mozilla\Firefox\Profiles\anbce89j.default\extensions O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\WebFilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003..\Run: [{63FBB62B-A48E-11DF-B9A9-806E6F6E6963}] C:\Users\Traktorfahrer\AppData\Roaming\Microsoft\torrent.exe File not found O4 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003..\Run: [avupdate] C:\Users\Traktorfahrer\AppData\Roaming\mahmud.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Juergen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - 
hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{826BD671-D2DE-4DAD-A67D-56B54813B34D}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7B236EB-B4D0-4915-9017-BE4485398849}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver 
Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service 
SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus 
host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet 
Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.16 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\Juergen\AppData\Roaming\TuneUp Software [2012.02.16 15:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.02.16 15:43:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.02.15 23:10:09 | 000,000,000 | ---D | C] -- C:\Users\Juergen\AppData\Roaming\WinRAR [2012.02.15 23:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.02.13 19:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.13 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\Juergen\AppData\Roaming\Malwarebytes [2012.02.13 16:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.13 16:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.13 16:04:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.13 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.12 
16:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2012.02.16 13:33:24 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.16 13:33:24 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.16 13:32:02 | 000,552,278 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.02.16 13:32:02 | 000,036,964 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.02.16 13:26:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.16 13:25:58 | 1507,778,560 | -HS- | M] () -- C:\hiberfil.sys [2012.02.15 21:11:06 | 000,424,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.15 16:00:40 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.15 16:00:40 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.15 16:00:40 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.15 16:00:40 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.12 16:59:30 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk ========== Files Created - No Company Name ========== [2012.02.12 16:59:30 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.12 16:59:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.08.04 15:27:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.07.31 21:23:53 | 000,552,278 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.02.24 19:58:54 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2010.12.12 19:36:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.09 20:28:17 | 000,000,566 | ---- | C] () -- 
C:\Windows\System32\SP207.ini [2010.10.30 09:25:10 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2010.08.11 21:40:49 | 000,000,316 | ---- | C] () -- C:\Users\Juergen\AppData\Roaming\wklnhst.dat [2010.03.18 12:32:25 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.03.18 12:32:25 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.03.18 12:32:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.03.18 12:32:25 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2010.03.18 12:32:24 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.03.18 12:32:23 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.03.18 12:32:23 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.03.18 12:32:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,424,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- 
C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.05 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Amazon [2011.03.28 08:32:52 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.11 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\DWA-547A1E [2011.06.26 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\elsterformular [2010.10.30 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\HaCon [2011.01.01 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\ICQ [2010.12.22 11:34:28 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Subversion [2010.08.11 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Template [2012.02.16 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\TuneUp Software [2010.08.11 21:38:35 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Windows Live Writer [2010.11.22 00:12:47 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer [2011.03.07 16:48:29 | 000,000,000 | ---D | M] -- C:\Users\Sophia\AppData\Roaming\ICQ [2010.11.04 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\Traktorfahrer\AppData\Roaming\HaCon [2012.02.06 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Traktorfahrer\AppData\Roaming\ICQ [2011.12.28 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Traktorfahrer\AppData\Roaming\redsn0w 
[2011.11.14 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Traktorfahrer\AppData\Roaming\Simfy [2012.02.16 15:56:24 | 000,000,000 | ---D | M] -- C:\Users\Traktorfahrer\AppData\Roaming\TuneUp Software [2012.02.08 16:09:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.14 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Adobe [2010.11.05 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Amazon [2011.06.30 22:02:48 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Apple Computer [2011.06.11 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\ArcSoft [2010.08.13 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Corel [2011.03.28 08:32:52 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.11 17:59:47 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\DWA-547A1E [2011.06.26 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\elsterformular [2010.10.30 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\HaCon [2011.01.01 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\ICQ [2010.08.10 15:56:25 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Identities [2010.08.11 17:58:58 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\InstallShield [2010.08.11 20:42:45 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Macromedia [2012.02.13 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Media Center Programs [2011.02.26 16:47:37 | 000,000,000 | --SD | M] -- C:\Users\Juergen\AppData\Roaming\Microsoft [2011.08.04 15:27:16 | 
000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Mozilla [2011.11.21 20:55:30 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Nero [2012.01.31 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Skype [2010.12.22 11:34:28 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Subversion [2010.08.11 21:40:51 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Template [2012.02.16 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\TuneUp Software [2010.08.11 21:38:35 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\Windows Live Writer [2012.02.15 23:10:09 | 000,000,000 | ---D | M] -- C:\Users\Juergen\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.02.26 16:47:37 | 000,003,262 | R--- | M] () -- C:\Users\Juergen\AppData\Roaming\Microsoft\Installer\{99CBA603-937D-4058-806F-7A9AF711A1AA}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) 
MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] 
(Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) 
MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- 
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] 
(Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 989 bytes -> C:\Users\Juergen\Documents\zugangsdaten_g_data_2011.eml:OECustomProperty
@Alternate Data Stream - 959 bytes -> C:\Users\Juergen\Documents\solar_forum.eml:OECustomProperty

< End of report >

Code:
OTL Extras logfile created on: 16.02.2012 16:06:45 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Traktorfahrer\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 46,67% Memory free
3,74 Gb Paging File | 2,54 Gb Available in Paging File | 67,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 677,54 Gb Total Space | 516,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 13,93 Gb Free Space | 69,63% Space Free | Partition Type: NTFS

Computer Name: COOLEKISTE | User Name: Juergen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\ProgramData\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\ProgramData\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List
========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{38D2B3FA-3EF5-4110-96D2-DE775BB88F68}_is1" = xGPS Manager 1.1.5 "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4162E4B4-DB62-4719-9921-A59B2671C1CB}" = Nero Recode 11 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{7E5CDECB-726B-4581-BA8C-5B11148C3FA5}" = G Data TotalCare 2012 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync 
Framework Runtime Native v1.0 (x86) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft 
Application Error Reporting "{99CBA603-937D-4058-806F-7A9AF711A1AA}" = Eumex RNDIS Driver V1.00 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D8491AD-D0D2-4B51-AA4A-A8B67795A553}" = Nero Burning ROM 11 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BAD1DB05-4593-C2C5-9C37-0BEA29D17023}" = simfy "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam "{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime 
"{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}" = DWA-547 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}" = MediaImpression 2.0 for PENTAX "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}" = Nero 11 "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00 "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "Adobe AIR" = Adobe AIR "Adobe Flash 
Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AudibleManager" = AudibleManager "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular-Update "ENTERPRISER" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "RedShift 4" = RedShift 4 "Scratch" = Scratch "Simfy" = simfy "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.10 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26) "STANLY Track" = STANLY Track ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.02.2012 09:04:20 | Computer Name = cooleKiste | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Nero\Nero 11\nero waveeditor\NMDllHost.exe.Manifest". 
Fehler in Manifest- oder Richtliniendatei "c:\program files\Nero\Nero 11\nero waveeditor\SMC\SMC.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: SMC,processorArchitecture="x86",type="win32",version="8.1.0.0". Definition: SMC,processorArchitecture="x86",type="win32",version="8.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 13.02.2012 13:07:18 | Computer Name = cooleKiste | Source = EventSystem | ID = 4621 Description = Error - 13.02.2012 15:16:45 | Computer Name = cooleKiste | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4bb58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001bb05f ID des fehlerhaften Prozesses: 0x14a4 Startzeit der fehlerhaften Anwendung: 0x01ccea82d9e9f11d Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 44207209-5677-11e1-9003-406186f73815 Error - 13.02.2012 16:57:20 | Computer Name = cooleKiste | Source = EventSystem | ID = 4621 Description = Error - 14.02.2012 15:16:03 | Computer Name = cooleKiste | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4bb58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001bb05f ID des fehlerhaften Prozesses: 0x17e0 Startzeit der fehlerhaften Anwendung: 0x01cceb3fe2c771a8 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 5577727c-5740-11e1-90fe-406186f73815 Error - 14.02.2012 15:17:49 | Computer Name = cooleKiste | 
Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16912 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cb4 Startzeit: 01cceb3745a73ba0 Endzeit: 1237 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 65d37620-5740-11e1-90fe-406186f73815 Error - 15.02.2012 06:42:29 | Computer Name = cooleKiste | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Nero\Nero 11\nero backitup\NBVSSTool_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.02.2012 06:43:04 | Computer Name = cooleKiste | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Nero\Nero 11\nero recode\NeroBRServer.exe.Manifest". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 15.02.2012 18:26:28 | Computer Name = cooleKiste | Source = EventSystem | ID = 4621 Description = Error - 16.02.2012 11:03:47 | Computer Name = cooleKiste | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden. [ Media Center Events ] Error - 15.01.2012 10:18:46 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 15:18:46 - Fehler beim Herstellen der Internetverbindung. 15:18:46 - Serververbindung konnte nicht hergestellt werden.. 
Error - 15.01.2012 10:18:55 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 15:18:51 - Fehler beim Herstellen der Internetverbindung. 15:18:51 - Serververbindung konnte nicht hergestellt werden.. Error - 21.01.2012 04:51:17 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 09:51:16 - Fehler beim Herstellen der Internetverbindung. 09:51:17 - Serververbindung konnte nicht hergestellt werden.. Error - 21.01.2012 04:51:27 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 09:51:22 - Fehler beim Herstellen der Internetverbindung. 09:51:22 - Serververbindung konnte nicht hergestellt werden.. Error - 30.01.2012 03:47:55 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 08:47:55 - Fehler beim Herstellen der Internetverbindung. 08:47:55 - Serververbindung konnte nicht hergestellt werden.. Error - 30.01.2012 03:48:05 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 08:48:00 - Fehler beim Herstellen der Internetverbindung. 08:48:00 - Serververbindung konnte nicht hergestellt werden.. Error - 01.02.2012 03:47:17 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 08:47:17 - Fehler beim Herstellen der Internetverbindung. 08:47:17 - Serververbindung konnte nicht hergestellt werden.. Error - 01.02.2012 03:47:34 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 08:47:23 - Fehler beim Herstellen der Internetverbindung. 08:47:23 - Serververbindung konnte nicht hergestellt werden.. Error - 12.02.2012 07:11:21 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 12:11:21 - Fehler beim Herstellen der Internetverbindung. 12:11:21 - Serververbindung konnte nicht hergestellt werden.. Error - 12.02.2012 07:11:36 | Computer Name = cooleKiste | Source = MCUpdate | ID = 0 Description = 12:11:26 - Fehler beim Herstellen der Internetverbindung. 12:11:26 - Serververbindung konnte nicht hergestellt werden.. 
[ OSession Events ] Error - 25.11.2010 11:15:10 | Computer Name = cooleKiste | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6114 seconds with 300 seconds of active time. This session ended with a crash. Error - 03.11.2011 02:00:18 | Computer Name = cooleKiste | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 619 seconds with 540 seconds of active time. This session ended with a crash. [ System Events ] Error - 15.02.2012 16:38:07 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:38:07 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:42:51 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:42:51 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:46:39 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:46:39 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:50:33 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 15.02.2012 16:50:33 | Computer Name = cooleKiste | Source = DCOM | ID = 10016 Description = Error - 16.02.2012 08:25:59 | Computer Name = cooleKiste | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 34 Description = Die Energieverwaltungsfeatures für Leerlauf des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. 
Error - 16.02.2012 08:25:59 | Computer Name = cooleKiste | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 34 Description = Die Energieverwaltungsfeatures für Leerlauf des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. < End of report > |
16.02.2012, 20:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The €50 virus is blocking my user account Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/de IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data] IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.directbox.com/ IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/de IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data] IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data] IE - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.surfstartseite.de O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003..\Run: [{63FBB62B-A48E-11DF-B9A9-806E6F6E6963}] C:\Users\Traktorfahrer\AppData\Roaming\Microsoft\torrent.exe File not found O4 - HKU\S-1-5-21-3909057189-2041321399-3429907483-1003..\Run: [avupdate] C:\Users\Traktorfahrer\AppData\Roaming\mahmud.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] :Commands [emptytemp] [resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
17.02.2012, 14:01 | #9 |
| The €50 virus is blocking my user account OK, here is the log: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKU\S-1-5-21-3909057189-2041321399-3429907483-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully. File C:\Program Files\Microsoft\BingBar\BingExt.dll not found. Registry value HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1003\Software\Microsoft\Windows\CurrentVersion\Run\\{63FBB62B-A48E-11DF-B9A9-806E6F6E6963} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63FBB62B-A48E-11DF-B9A9-806E6F6E6963}\ not found. Registry value HKEY_USERS\S-1-5-21-3909057189-2041321399-3429907483-1003\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. 
C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Juergen ->Temp folder emptied: 347600757 bytes ->Temporary Internet Files folder emptied: 174867461 bytes ->Java cache emptied: 1230024 bytes ->FireFox cache emptied: 93208204 bytes ->Flash cache emptied: 8036 bytes User: Lisa ->Temp folder emptied: 595990640 bytes ->Temporary Internet Files folder emptied: 170192639 bytes ->Java cache emptied: 1846680 bytes ->Flash cache emptied: 21757 bytes User: Public User: Sophia ->Temp folder emptied: 16221337 bytes ->Temporary Internet Files folder emptied: 176955138 bytes ->Flash cache emptied: 5764 bytes User: Traktorfahrer ->Temp folder emptied: 1252304846 bytes ->Temporary Internet Files folder emptied: 59286353 bytes ->Java cache emptied: 13259252 bytes ->FireFox cache emptied: 92986131 bytes ->Flash cache emptied: 3210692 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 322876836 bytes RecycleBin 
emptied: 1012415300 bytes Total Files Cleaned = 4.134,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.32.0 log created on 02172012_133936 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry entries deleted on Reboot... |
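A fix log like the one in the post above can be triaged mechanically before it is read line by line. The following is an added example, not part of the thread and not OTL's own code: it sorts the outcome lines into applied, not found and pending-reboot, and lists pending moves under the Windows directory separately so they can be checked after the restart against the backup in the "_OTL" folder. The function name, the placeholder SID and the assumption that the log file holds one entry per line are mine.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the fix log posted above, assuming one
# entry per line in the log file. The SID is a placeholder, not a real account.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-21-EXAMPLE-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-EXAMPLE-1003\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Traktorfahrer
->Temp folder emptied: 1252304846 bytes
->Flash cache emptied: 3210692 bytes
Windows Temp folder emptied: 322876836 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
"""

# Outcome patterns, checked in this order. Each captures the object acted on.
RULES = [
    ("pending_reboot", re.compile(
        r"^(?:File move failed\.\s*)?(?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File )?(?P<target>.+?) not found\.$")),
    ("done", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<target>.+?)"
        r"(?:\|\S* ?/E : value set| deleted| moved) successfully[.!]$")),
]

# Size lines written by the [emptytemp] command.
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")


def summarize_otl_fix(log_text, windir=r"C:\Windows"):
    """Group the outcome lines of an OTL fix log by result."""
    buckets = defaultdict(list)
    bytes_freed = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        size = BYTES.search(line)
        if size:
            bytes_freed += int(size.group(1))
            continue
        for name, rx in RULES:
            m = rx.match(line)
            if m:
                buckets[name].append(m.group("target"))
                break
    # The log repeats pending moves in its closing section, so de-duplicate
    # while keeping first-seen order.
    summary = {name: list(dict.fromkeys(buckets[name])) for name, _ in RULES}
    prefix = windir.lower().rstrip("\\") + "\\"
    # Pending moves of files inside the Windows directory: confirm these
    # after the reboot, since they change operating-system files.
    summary["pending_system_files"] = [
        t for t in summary["pending_reboot"] if t.lower().startswith(prefix)
    ]
    summary["bytes_freed"] = bytes_freed
    return summary


if __name__ == "__main__":
    result = summarize_otl_fix(SAMPLE_LOG)
    for key, value in result.items():
        print(key, "->", value)
```

A non-empty `pending_reboot` list means the fix is not finished until the machine has restarted, so the follow-up scan should only be read after that.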
17.02.2012, 14:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The €50 virus is blocking my user account Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must right-click the tool and run it as administrator!
__________________ Please always post log files in CODE tags |
17.02.2012, 16:00 | #11 |
| The €50 virus is blocking my user account OK, here is the log then: Code:
15:57:14.0238 1844 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:57:16.0110 1844 ============================================================
15:57:16.0110 1844 Current date / time: 2012/02/17 15:57:16.0110
15:57:16.0110 1844 SystemInfo:
15:57:16.0110 1844
15:57:16.0110 1844 OS Version: 6.1.7600 ServicePack: 0.0
15:57:16.0110 1844 Product type: Workstation
15:57:16.0110 1844 ComputerName: COOLEKISTE
15:57:16.0110 1844 UserName: Traktorfahrer
15:57:16.0110 1844 Windows directory: C:\Windows
15:57:16.0110 1844 System windows directory: C:\Windows
15:57:16.0110 1844 Processor architecture: Intel x86
15:57:16.0110 1844 Number of processors: 2
15:57:16.0110 1844 Page size: 0x1000
15:57:16.0110 1844 Boot type: Normal boot
15:57:16.0110 1844 ============================================================
15:57:17.0810 1844 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:57:17.0826 1844 \Device\Harddisk0\DR0:
15:57:17.0826 1844 MBR used
15:57:17.0826 1844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:57:17.0826 1844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x54B12800
15:57:17.0826 1844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x54B45000, BlocksNum 0x2800000
15:57:17.0873 1844 Initialize success
15:57:17.0873 1844 ============================================================
15:57:27.0546 3580 ============================================================
15:57:27.0546 3580 Scan started
15:57:27.0546 3580 Mode: Manual; SigCheck; TDLFS;
15:57:27.0546 3580 ============================================================
15:57:52.0917 3580 ============================================================
15:57:52.0917 3580 Scan finished
15:57:52.0917 3580 ============================================================
15:57:52.0933 2256 Detected object count: 0
15:57:52.0933 2256 Actual detected object count: 0
15:58:50.0289 1032 ============================================================
15:58:50.0289 1032 Scan started
15:58:50.0289 1032 Mode: Manual; SigCheck; TDLFS;
15:58:50.0289 1032 ============================================================
(c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 15:58:53.0239 1032 cmdide - ok 15:58:53.0286 1032 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 15:58:53.0332 1032 CNG - ok 15:58:53.0348 1032 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 15:58:53.0364 1032 Compbatt - ok 15:58:53.0379 1032 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 15:58:53.0410 1032 CompositeBus - ok 15:58:53.0426 1032 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 15:58:53.0457 1032 crcdisk - ok 15:58:53.0504 1032 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 15:58:53.0520 1032 DfsC - ok 15:58:53.0535 1032 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 15:58:53.0582 1032 discache - ok 15:58:53.0598 1032 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 15:58:53.0613 1032 Disk - ok 15:58:53.0644 1032 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 15:58:53.0660 1032 drmkaud - ok 15:58:53.0722 1032 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 15:58:53.0754 1032 DXGKrnl - ok 15:58:53.0848 1032 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 15:58:53.0911 1032 ebdrv - ok 15:58:53.0957 1032 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 15:58:53.0989 1032 elxstor - ok 15:58:54.0004 1032 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 15:58:54.0035 1032 ErrDev - ok 15:58:54.0067 1032 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 15:58:54.0098 1032 exfat - ok 15:58:54.0129 1032 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 15:58:54.0160 1032 fastfat - ok 15:58:54.0191 1032 fdc 
(e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 15:58:54.0223 1032 fdc - ok 15:58:54.0238 1032 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 15:58:54.0254 1032 FileInfo - ok 15:58:54.0285 1032 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 15:58:54.0316 1032 Filetrace - ok 15:58:54.0347 1032 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 15:58:54.0363 1032 flpydisk - ok 15:58:54.0394 1032 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 15:58:54.0425 1032 FltMgr - ok 15:58:54.0441 1032 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 15:58:54.0457 1032 FsDepends - ok 15:58:54.0488 1032 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 15:58:54.0503 1032 Fs_Rec - ok 15:58:54.0535 1032 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 15:58:54.0566 1032 fvevol - ok 15:58:54.0581 1032 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:58:54.0597 1032 gagp30kx - ok 15:58:54.0659 1032 GDBehave (1f654007b9e5764880a627b7a5390c4b) C:\Windows\system32\drivers\GDBehave.sys 15:58:54.0691 1032 GDBehave - ok 15:58:54.0706 1032 GDMnIcpt (bf8fdd85091b8ae1a0acceecf84c5298) C:\Windows\system32\drivers\MiniIcpt.sys 15:58:54.0722 1032 GDMnIcpt - ok 15:58:54.0753 1032 GdNetMon (713f952a18660429a8e23dcfe7fbf8bd) C:\Windows\system32\drivers\GdNetMon32.sys 15:58:54.0769 1032 GdNetMon - ok 15:58:54.0800 1032 GDPkIcpt (0f917bcee8f65402a2dd4024cf85ce32) C:\Windows\system32\drivers\PktIcpt.sys 15:58:54.0831 1032 GDPkIcpt - ok 15:58:54.0847 1032 gdwfpcd (230dc5507ba718a1c28fbf4985f9e979) C:\Windows\system32\drivers\gdwfpcd32.sys 15:58:54.0862 1032 gdwfpcd - ok 15:58:54.0893 1032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:58:54.0940 1032 
GEARAspiWDM - ok 15:58:54.0971 1032 GRD (ce6c10e4dc3f4ee51c7f54551aaa5287) C:\Windows\system32\drivers\GRD.sys 15:58:55.0003 1032 GRD - ok 15:58:55.0034 1032 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 15:58:55.0049 1032 hcw85cir - ok 15:58:55.0081 1032 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 15:58:55.0112 1032 HdAudAddService - ok 15:58:55.0127 1032 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:58:55.0159 1032 HDAudBus - ok 15:58:55.0174 1032 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 15:58:55.0205 1032 HidBatt - ok 15:58:55.0221 1032 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 15:58:55.0252 1032 HidBth - ok 15:58:55.0252 1032 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 15:58:55.0283 1032 HidIr - ok 15:58:55.0299 1032 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 15:58:55.0330 1032 HidUsb - ok 15:58:55.0346 1032 HookCentre (80aa65bec9897d6f9ec684b766dc8437) C:\Windows\system32\drivers\HookCentre.sys 15:58:55.0361 1032 HookCentre - ok 15:58:55.0393 1032 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 15:58:55.0408 1032 HpSAMD - ok 15:58:55.0439 1032 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 15:58:55.0486 1032 HTTP - ok 15:58:55.0517 1032 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 15:58:55.0533 1032 hwpolicy - ok 15:58:55.0549 1032 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 15:58:55.0580 1032 i8042prt - ok 15:58:55.0627 1032 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 15:58:55.0673 1032 iaStorV - ok 15:58:55.0861 1032 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 
15:58:55.0985 1032 igfx - ok 15:58:56.0001 1032 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 15:58:56.0032 1032 iirsp - ok 15:58:56.0126 1032 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\Windows\system32\drivers\RTKVHDA.sys 15:58:56.0188 1032 IntcAzAudAddService - ok 15:58:56.0219 1032 IntcHdmiAddService (5cf0990fc1f6676f7b00366ab224da92) C:\Windows\system32\drivers\IntcHdmi.sys 15:58:56.0251 1032 IntcHdmiAddService - ok 15:58:56.0266 1032 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 15:58:56.0297 1032 intelide - ok 15:58:56.0329 1032 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 15:58:56.0375 1032 intelppm - ok 15:58:56.0407 1032 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:58:56.0438 1032 IpFilterDriver - ok 15:58:56.0469 1032 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:58:56.0500 1032 IPMIDRV - ok 15:58:56.0516 1032 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 15:58:56.0547 1032 IPNAT - ok 15:58:56.0578 1032 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 15:58:56.0594 1032 IRENUM - ok 15:58:56.0625 1032 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 15:58:56.0641 1032 isapnp - ok 15:58:56.0656 1032 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 15:58:56.0687 1032 iScsiPrt - ok 15:58:56.0703 1032 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys 15:58:56.0734 1032 jswpslwf - ok 15:58:56.0765 1032 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:58:56.0781 1032 kbdclass - ok 15:58:56.0797 1032 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 15:58:56.0828 1032 kbdhid - ok 15:58:56.0875 1032 KSecDD 
(0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys 15:58:56.0890 1032 KSecDD - ok 15:58:56.0937 1032 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys 15:58:56.0953 1032 KSecPkg - ok 15:58:56.0984 1032 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 15:58:57.0015 1032 lltdio - ok 15:58:57.0062 1032 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:58:57.0093 1032 LSI_FC - ok 15:58:57.0109 1032 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:58:57.0140 1032 LSI_SAS - ok 15:58:57.0140 1032 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:58:57.0171 1032 LSI_SAS2 - ok 15:58:57.0202 1032 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:58:57.0233 1032 LSI_SCSI - ok 15:58:57.0249 1032 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 15:58:57.0280 1032 luafv - ok 15:58:57.0311 1032 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 15:58:57.0343 1032 megasas - ok 15:58:57.0389 1032 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 15:58:57.0405 1032 MegaSR - ok 15:58:57.0436 1032 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 15:58:57.0483 1032 Modem - ok 15:58:57.0499 1032 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 15:58:57.0545 1032 monitor - ok 15:58:57.0561 1032 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 15:58:57.0592 1032 mouclass - ok 15:58:57.0608 1032 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 15:58:57.0639 1032 mouhid - ok 15:58:57.0655 1032 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 15:58:57.0670 1032 mountmgr - ok 15:58:57.0701 1032 mpio 
(2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 15:58:57.0717 1032 mpio - ok 15:58:57.0733 1032 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 15:58:57.0764 1032 mpsdrv - ok 15:58:57.0795 1032 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 15:58:57.0826 1032 MRxDAV - ok 15:58:57.0857 1032 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:58:57.0889 1032 mrxsmb - ok 15:58:57.0920 1032 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:58:57.0951 1032 mrxsmb10 - ok 15:58:57.0967 1032 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:58:57.0998 1032 mrxsmb20 - ok 15:58:58.0013 1032 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 15:58:58.0045 1032 msahci - ok 15:58:58.0076 1032 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 15:58:58.0091 1032 msdsm - ok 15:58:58.0123 1032 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 15:58:58.0154 1032 Msfs - ok 15:58:58.0169 1032 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 15:58:58.0216 1032 mshidkmdf - ok 15:58:58.0232 1032 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 15:58:58.0247 1032 msisadrv - ok 15:58:58.0279 1032 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 15:58:58.0310 1032 MSKSSRV - ok 15:58:58.0325 1032 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 15:58:58.0372 1032 MSPCLOCK - ok 15:58:58.0403 1032 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 15:58:58.0435 1032 MSPQM - ok 15:58:58.0481 1032 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 15:58:58.0513 1032 MsRPC - ok 15:58:58.0528 1032 mssmbios 
(fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 15:58:58.0559 1032 mssmbios - ok 15:58:58.0575 1032 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 15:58:58.0622 1032 MSTEE - ok 15:58:58.0653 1032 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 15:58:58.0684 1032 MTConfig - ok 15:58:58.0684 1032 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 15:58:58.0715 1032 Mup - ok 15:58:58.0731 1032 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 15:58:58.0762 1032 NativeWifiP - ok 15:58:58.0809 1032 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys 15:58:58.0825 1032 NBVol - ok 15:58:58.0840 1032 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys 15:58:58.0871 1032 NBVolUp - ok 15:58:58.0887 1032 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 15:58:58.0934 1032 NDIS - ok 15:58:58.0949 1032 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 15:58:58.0981 1032 NdisCap - ok 15:58:59.0012 1032 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 15:58:59.0043 1032 NdisTapi - ok 15:58:59.0059 1032 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 15:58:59.0090 1032 Ndisuio - ok 15:58:59.0121 1032 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 15:58:59.0152 1032 NdisWan - ok 15:58:59.0168 1032 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 15:58:59.0199 1032 NDProxy - ok 15:58:59.0215 1032 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 15:58:59.0246 1032 NetBIOS - ok 15:58:59.0261 1032 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 15:58:59.0308 1032 NetBT - ok 15:58:59.0339 1032 nfrd960 
(1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 15:58:59.0355 1032 nfrd960 - ok 15:58:59.0386 1032 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 15:58:59.0433 1032 Npfs - ok 15:58:59.0449 1032 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 15:58:59.0480 1032 nsiproxy - ok 15:58:59.0542 1032 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 15:58:59.0589 1032 Ntfs - ok 15:58:59.0605 1032 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 15:58:59.0651 1032 Null - ok 15:58:59.0698 1032 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 15:58:59.0714 1032 nvraid - ok 15:58:59.0761 1032 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 15:58:59.0792 1032 nvstor - ok 15:58:59.0823 1032 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 15:58:59.0839 1032 nv_agp - ok 15:58:59.0870 1032 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 15:58:59.0901 1032 ohci1394 - ok 15:58:59.0948 1032 PAC207 (4a410c7aea51123519c20d43a20bce96) C:\Windows\system32\DRIVERS\PFC027.SYS 15:58:59.0979 1032 PAC207 - ok 15:59:00.0010 1032 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 15:59:00.0026 1032 Parport - ok 15:59:00.0041 1032 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 15:59:00.0073 1032 partmgr - ok 15:59:00.0104 1032 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 15:59:00.0119 1032 Parvdm - ok 15:59:00.0151 1032 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 15:59:00.0182 1032 pci - ok 15:59:00.0197 1032 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 15:59:00.0213 1032 pciide - ok 15:59:00.0244 1032 pcmcia (f396431b31693e71e8a80687ef523506) 
C:\Windows\system32\DRIVERS\pcmcia.sys 15:59:00.0275 1032 pcmcia - ok 15:59:00.0291 1032 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 15:59:00.0307 1032 pcw - ok 15:59:00.0338 1032 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 15:59:00.0385 1032 PEAUTH - ok 15:59:00.0431 1032 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 15:59:00.0478 1032 PptpMiniport - ok 15:59:00.0494 1032 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 15:59:00.0509 1032 Processor - ok 15:59:00.0541 1032 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 15:59:00.0587 1032 Psched - ok 15:59:00.0650 1032 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 15:59:00.0697 1032 ql2300 - ok 15:59:00.0728 1032 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 15:59:00.0759 1032 ql40xx - ok 15:59:00.0790 1032 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 15:59:00.0821 1032 QWAVEdrv - ok 15:59:00.0837 1032 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 15:59:00.0868 1032 RasAcd - ok 15:59:00.0899 1032 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:59:00.0931 1032 RasAgileVpn - ok 15:59:00.0962 1032 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:59:00.0993 1032 Rasl2tp - ok 15:59:01.0009 1032 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 15:59:01.0040 1032 RasPppoe - ok 15:59:01.0071 1032 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 15:59:01.0102 1032 RasSstp - ok 15:59:01.0118 1032 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 15:59:01.0149 1032 rdbss - ok 15:59:01.0180 1032 rdpbus 
(0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 15:59:01.0211 1032 rdpbus - ok 15:59:01.0227 1032 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:59:01.0258 1032 RDPCDD - ok 15:59:01.0274 1032 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 15:59:01.0321 1032 RDPENCDD - ok 15:59:01.0321 1032 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 15:59:01.0367 1032 RDPREFMP - ok 15:59:01.0383 1032 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 15:59:01.0430 1032 RDPWD - ok 15:59:01.0445 1032 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 15:59:01.0477 1032 rdyboost - ok 15:59:01.0508 1032 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 15:59:01.0555 1032 rspndr - ok 15:59:01.0586 1032 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys 15:59:01.0633 1032 RTL8167 - ok 15:59:01.0664 1032 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 15:59:01.0695 1032 sbp2port - ok 15:59:01.0711 1032 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 15:59:01.0742 1032 scfilter - ok 15:59:01.0773 1032 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:59:01.0804 1032 secdrv - ok 15:59:01.0851 1032 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 15:59:01.0867 1032 Serenum - ok 15:59:01.0898 1032 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 15:59:01.0929 1032 Serial - ok 15:59:01.0945 1032 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 15:59:01.0976 1032 sermouse - ok 15:59:01.0991 1032 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 15:59:02.0023 1032 sffdisk - ok 15:59:02.0038 
1032 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:59:02.0054 1032 sffp_mmc - ok 15:59:02.0069 1032 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:59:02.0101 1032 sffp_sd - ok 15:59:02.0116 1032 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 15:59:02.0132 1032 sfloppy - ok 15:59:02.0179 1032 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 15:59:02.0210 1032 sisagp - ok 15:59:02.0225 1032 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:59:02.0241 1032 SiSRaid2 - ok 15:59:02.0272 1032 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 15:59:02.0288 1032 SiSRaid4 - ok 15:59:02.0319 1032 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 15:59:02.0350 1032 Smb - ok 15:59:02.0381 1032 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 15:59:02.0413 1032 spldr - ok 15:59:02.0459 1032 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 15:59:02.0491 1032 srv - ok 15:59:02.0522 1032 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 15:59:02.0553 1032 srv2 - ok 15:59:02.0569 1032 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 15:59:02.0600 1032 srvnet - ok 15:59:02.0631 1032 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 15:59:02.0647 1032 stexstor - ok 15:59:02.0678 1032 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 15:59:02.0693 1032 swenum - ok 15:59:02.0787 1032 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 15:59:02.0818 1032 Tcpip - ok 15:59:02.0881 1032 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 15:59:02.0943 1032 TCPIP6 - ok 15:59:02.0960 1032 tcpipreg 
(e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 15:59:02.0991 1032 tcpipreg - ok 15:59:03.0006 1032 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 15:59:03.0053 1032 TDPIPE - ok 15:59:03.0053 1032 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 15:59:03.0084 1032 TDTCP - ok 15:59:03.0116 1032 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 15:59:03.0147 1032 tdx - ok 15:59:03.0162 1032 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 15:59:03.0194 1032 TermDD - ok 15:59:03.0225 1032 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:59:03.0256 1032 tssecsrv - ok 15:59:03.0287 1032 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 15:59:03.0318 1032 tunnel - ok 15:59:03.0334 1032 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 15:59:03.0365 1032 uagp35 - ok 15:59:03.0396 1032 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 15:59:03.0428 1032 udfs - ok 15:59:03.0474 1032 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:59:03.0490 1032 uliagpkx - ok 15:59:03.0521 1032 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 15:59:03.0537 1032 umbus - ok 15:59:03.0568 1032 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 15:59:03.0584 1032 UmPass - ok 15:59:03.0646 1032 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 15:59:03.0677 1032 USBAAPL - ok 15:59:03.0724 1032 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys 15:59:03.0755 1032 usbccgp - ok 15:59:03.0771 1032 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 15:59:03.0802 1032 usbcir - ok 15:59:03.0849 1032 usbehci 
(e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 15:59:03.0880 1032 usbehci - ok 15:59:03.0911 1032 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 15:59:03.0942 1032 usbhub - ok 15:59:03.0990 1032 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 15:59:04.0006 1032 usbohci - ok 15:59:04.0037 1032 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 15:59:04.0068 1032 usbprint - ok 15:59:04.0099 1032 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:59:04.0131 1032 USBSTOR - ok 15:59:04.0146 1032 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys 15:59:04.0162 1032 usbuhci - ok 15:59:04.0209 1032 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 15:59:04.0240 1032 usb_rndisx - ok 15:59:04.0271 1032 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:59:04.0287 1032 vdrvroot - ok 15:59:04.0302 1032 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 15:59:04.0333 1032 vga - ok 15:59:04.0349 1032 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 15:59:04.0380 1032 VgaSave - ok 15:59:04.0411 1032 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 15:59:04.0443 1032 vhdmp - ok 15:59:04.0474 1032 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 15:59:04.0505 1032 viaagp - ok 15:59:04.0521 1032 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 15:59:04.0552 1032 ViaC7 - ok 15:59:04.0552 1032 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 15:59:04.0583 1032 viaide - ok 15:59:04.0599 1032 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 15:59:04.0630 1032 volmgr - ok 15:59:04.0645 1032 volmgrx 
(b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 15:59:04.0677 1032 volmgrx - ok 15:59:04.0708 1032 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 15:59:04.0739 1032 volsnap - ok 15:59:04.0770 1032 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 15:59:04.0801 1032 vsmraid - ok 15:59:04.0817 1032 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 15:59:04.0848 1032 vwifibus - ok 15:59:04.0864 1032 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 15:59:04.0895 1032 vwififlt - ok 15:59:04.0911 1032 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 15:59:04.0942 1032 WacomPen - ok 15:59:04.0957 1032 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:59:05.0004 1032 WANARP - ok 15:59:05.0004 1032 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:59:05.0051 1032 Wanarpv6 - ok 15:59:05.0098 1032 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 15:59:05.0113 1032 Wd - ok 15:59:05.0145 1032 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:59:05.0176 1032 Wdf01000 - ok 15:59:05.0207 1032 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 15:59:05.0254 1032 WfpLwf - ok 15:59:05.0269 1032 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 15:59:05.0285 1032 WIMMount - ok 15:59:05.0347 1032 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 15:59:05.0379 1032 WinUsb - ok 15:59:05.0394 1032 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:59:05.0425 1032 WmiAcpi - ok 15:59:05.0457 1032 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 15:59:05.0503 1032 ws2ifsl - ok 15:59:05.0535 1032 
15:59:08.0093 1032 ============================================================
15:59:08.0093 1032 Scan finished
15:59:08.0093 1032 ============================================================
15:59:08.0093 6124 Detected object count: 0
15:59:08.0093 6124 Actual detected object count: 0
Regards
Last edited by CanadianFarm (17.02.2012 at 16:19) |
17.02.2012, 17:50 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | The 50€ virus is blocking my user account Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |