EXP/CVE-2010-0840.FL - Got rid of the virus? (Windows 7)
08.03.2012, 20:55 | #16 |
EXP/CVE-2010-0840.FL - Got rid of the virus? Right then. Once in normal mode: Code:
ATTFilter OTL logfile created on: 08.03.2012 20:36:19 - Run 2 OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Ragey\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,69% Memory free 8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 18,06 Gb Free Space | 32,37% Space Free | Partition Type: NTFS Drive E: | 29,29 Gb Total Space | 14,63 Gb Free Space | 49,93% Space Free | Partition Type: NTFS Drive F: | 566,88 Gb Total Space | 60,48 Gb Free Space | 10,67% Space Free | Partition Type: NTFS Drive M: | 732,42 Gb Total Space | 173,06 Gb Free Space | 23,63% Space Free | Partition Type: NTFS Drive S: | 199,09 Gb Total Space | 134,03 Gb Free Space | 67,32% Space Free | Partition Type: NTFS Computer Name: BANANANA | User Name: Ragey | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.08 15:45:54 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.09.13 11:40:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.01 19:06:57 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.03.06 02:22:48 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010.03.06 02:17:42 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2010.02.12 14:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.09.15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2008.07.26 19:56:04 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Desksave\DeskSave.exe PRC - [2007.07.18 09:19:02 | 000,057,344 | ---- | M] (Creative Technology Ltd.) 
-- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe ========== Modules (No Company Name) ========== MOD - [2009.12.08 15:50:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.11.30 18:53:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2008.07.26 19:56:04 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Desksave\DeskSave.exe MOD - [2006.06.09 19:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2012.02.26 21:28:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.09.13 11:40:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.01 19:06:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.27 12:12:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service) SRV - [2011.02.27 12:12:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 
Licensing Service) SRV - [2010.11.15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.12 14:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.09.13 11:40:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.09.13 11:40:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.02.28 16:33:54 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.02.27 11:59:52 | 000,109,480 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.11.02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010.10.25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2010.10.25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2010.03.06 03:53:22 | 001,561,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010.03.06 03:53:08 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010.03.06 03:53:00 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010.03.06 03:52:52 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010.03.06 03:52:44 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010.03.06 03:52:36 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2010.03.06 03:52:26 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010.03.06 03:52:16 | 001,417,304 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2010.03.06 03:52:16 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2010.03.06 03:52:06 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2010.03.06 03:52:06 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2010.03.06 03:51:58 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2010.03.06 03:51:58 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009.05.20 10:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 8B BE B6 17 B8 CC 01 [binary data] IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.05 11:37:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.08 21:43:13 | 000,000,000 | ---D | M] [2011.02.27 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ragey\AppData\Roaming\mozilla\Extensions [2012.03.05 11:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ragey\AppData\Roaming\mozilla\Firefox\Profiles\f66f7kgp.default\extensions [2011.03.09 11:06:05 | 000,001,180 | ---- | M] () -- C:\Users\Ragey\AppData\Roaming\Mozilla\Firefox\Profiles\f66f7kgp.default\searchplugins\urban-dictionary.xml [2012.03.05 11:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\RAGEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F66F7KGP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\RAGEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F66F7KGP.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI [2012.03.05 11:37:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.27 16:57:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.03.05 11:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.05 11:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.05 11:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.05 11:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.05 11:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.05 11:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.28 16:29:20 | 000,001,163 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001..\Run: [7 Taskbar Tweaker] C:\Program Files\Taskbar Tweaker\7 Taskbar Tweaker x64.exe () O4 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001..\Run: [DeskSave] C:\Program Files (x86)\Desksave\DeskSave.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 
'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{233C1A0D-6BF9-4BBE-8E72-BA6E811792E4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4D7CB59-27AE-47B1-B48D-DDA81DBB2813}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk E:\ O32 - Unable to obtain root file information for disk F:\ O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell - "" = AutoRun O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell\AutoRun\command - "" = G:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group 
SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group 
08.03.2012, 22:39 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-0840.FL - Virus losgeworden? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 8B BE B6 17 B8 CC 01 [binary data]
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell - "" = AutoRun
O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell\AutoRun\command - "" = G:\Setup.exe
:Files
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________ Edited by cosinus (08.03.2012 at 23:30). Reason: Also built in the ESET finding |
08.03.2012, 23:21 | #18 |
| Is it enough if the AntiVir Guard is deactivated, or must no instance of AntiVir be running at all?
And the ESET finding: do I also need to delete anything separately there? Sorry if I'm asking hasty questions :/ Unfortunately I have to wrap up for now; work calls early tomorrow morning. I'll continue from this point tomorrow afternoon. But many thanks already for the time you spared today. Good night! |
08.03.2012, 23:31 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, that's fine as it is; I've added the ESET finding to the script as well. It's enough if you deactivate AntiVir.
__________________ Please always post log files in CODE tags |
09.03.2012, 07:28 | #20 |
| Morning! I just quickly ran it:
|
09.03.2012, 09:38 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
|
09.03.2012, 16:52 | #22 |
| Okay, back at the PC and scanned with TDSS-Killer: it didn't flag anything. Edit: I hadn't run the first scan as admin, but the result didn't change.
mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:55:26.0200 3632 mshidkmdf - ok 16:55:26.0216 3632 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 16:55:26.0216 3632 msisadrv - ok 16:55:26.0231 3632 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:55:26.0278 3632 MSKSSRV - ok 16:55:26.0278 3632 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:55:26.0309 3632 MSPCLOCK - ok 16:55:26.0325 3632 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:55:26.0356 3632 MSPQM - ok 16:55:26.0387 3632 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 16:55:26.0403 3632 MsRPC - ok 16:55:26.0419 3632 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 16:55:26.0419 3632 mssmbios - ok 16:55:26.0434 3632 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:55:26.0465 3632 MSTEE - ok 16:55:26.0481 3632 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 16:55:26.0497 3632 MTConfig - ok 16:55:26.0512 3632 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 16:55:26.0512 3632 MTsensor - ok 16:55:26.0528 3632 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:55:26.0543 3632 Mup - ok 16:55:26.0559 3632 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:55:26.0575 3632 NativeWifiP - ok 16:55:26.0606 3632 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 16:55:26.0637 3632 NDIS - ok 16:55:26.0653 3632 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:55:26.0684 3632 NdisCap - ok 16:55:26.0699 3632 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:55:26.0731 3632 NdisTapi - ok 16:55:26.0746 3632 
Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 16:55:26.0777 3632 Ndisuio - ok 16:55:26.0793 3632 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 16:55:26.0840 3632 NdisWan - ok 16:55:26.0840 3632 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 16:55:26.0887 3632 NDProxy - ok 16:55:26.0902 3632 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:55:26.0933 3632 NetBIOS - ok 16:55:26.0949 3632 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 16:55:26.0980 3632 NetBT - ok 16:55:26.0996 3632 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 16:55:27.0011 3632 nfrd960 - ok 16:55:27.0043 3632 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:55:27.0074 3632 Npfs - ok 16:55:27.0089 3632 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:55:27.0121 3632 nsiproxy - ok 16:55:27.0152 3632 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 16:55:27.0183 3632 Ntfs - ok 16:55:27.0199 3632 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:55:27.0230 3632 Null - ok 16:55:27.0261 3632 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys 16:55:27.0261 3632 NVHDA - ok 16:55:27.0495 3632 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:55:27.0667 3632 nvlddmkm - ok 16:55:27.0682 3632 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 16:55:27.0698 3632 nvraid - ok 16:55:27.0713 3632 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 16:55:27.0729 3632 nvstor - ok 16:55:27.0745 3632 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 16:55:27.0760 3632 nv_agp - ok 16:55:27.0776 3632 ohci1394 
(3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 16:55:27.0791 3632 ohci1394 - ok 16:55:27.0807 3632 ossrv (63a9d079b05207203707a909464a78fd) C:\Windows\system32\drivers\ctoss2k.sys 16:55:27.0807 3632 ossrv - ok 16:55:27.0838 3632 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 16:55:27.0838 3632 Parport - ok 16:55:27.0854 3632 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 16:55:27.0869 3632 partmgr - ok 16:55:27.0885 3632 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 16:55:27.0901 3632 pci - ok 16:55:27.0916 3632 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 16:55:27.0932 3632 pciide - ok 16:55:27.0947 3632 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:55:27.0947 3632 pcmcia - ok 16:55:27.0963 3632 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:55:27.0979 3632 pcw - ok 16:55:28.0010 3632 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:55:28.0041 3632 PEAUTH - ok 16:55:28.0088 3632 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 16:55:28.0119 3632 PptpMiniport - ok 16:55:28.0135 3632 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:55:28.0150 3632 Processor - ok 16:55:28.0166 3632 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 16:55:28.0197 3632 Psched - ok 16:55:28.0228 3632 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:55:28.0259 3632 ql2300 - ok 16:55:28.0275 3632 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:55:28.0291 3632 ql40xx - ok 16:55:28.0306 3632 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:55:28.0322 3632 QWAVEdrv - ok 16:55:28.0337 3632 RasAcd 
(5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:55:28.0369 3632 RasAcd - ok 16:55:28.0384 3632 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:55:28.0415 3632 RasAgileVpn - ok 16:55:28.0431 3632 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:55:28.0462 3632 Rasl2tp - ok 16:55:28.0478 3632 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:55:28.0525 3632 RasPppoe - ok 16:55:28.0540 3632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:55:28.0571 3632 RasSstp - ok 16:55:28.0587 3632 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 16:55:28.0618 3632 rdbss - ok 16:55:28.0634 3632 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:55:28.0649 3632 rdpbus - ok 16:55:28.0665 3632 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:55:28.0696 3632 RDPCDD - ok 16:55:28.0712 3632 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 16:55:28.0727 3632 RDPDR - ok 16:55:28.0743 3632 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:55:28.0774 3632 RDPENCDD - ok 16:55:28.0790 3632 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:55:28.0821 3632 RDPREFMP - ok 16:55:28.0837 3632 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 16:55:28.0868 3632 RDPWD - ok 16:55:28.0899 3632 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 16:55:28.0899 3632 rdyboost - ok 16:55:28.0930 3632 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:55:28.0961 3632 rspndr - ok 16:55:28.0977 3632 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 16:55:28.0993 3632 s3cap - ok 16:55:29.0008 3632 sbp2port 
(e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 16:55:29.0008 3632 sbp2port - ok 16:55:29.0039 3632 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 16:55:29.0071 3632 scfilter - ok 16:55:29.0086 3632 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:55:29.0117 3632 secdrv - ok 16:55:29.0133 3632 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:55:29.0149 3632 Serenum - ok 16:55:29.0164 3632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:55:29.0180 3632 Serial - ok 16:55:29.0195 3632 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:55:29.0195 3632 sermouse - ok 16:55:29.0227 3632 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 16:55:29.0242 3632 sffdisk - ok 16:55:29.0258 3632 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 16:55:29.0273 3632 sffp_mmc - ok 16:55:29.0289 3632 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 16:55:29.0289 3632 sffp_sd - ok 16:55:29.0305 3632 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:55:29.0320 3632 sfloppy - ok 16:55:29.0336 3632 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:55:29.0351 3632 SiSRaid2 - ok 16:55:29.0367 3632 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:55:29.0383 3632 SiSRaid4 - ok 16:55:29.0398 3632 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:55:29.0429 3632 Smb - ok 16:55:29.0445 3632 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:55:29.0461 3632 spldr - ok 16:55:29.0476 3632 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 16:55:29.0492 3632 srv - ok 16:55:29.0523 3632 srv2 
(76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 16:55:29.0523 3632 srv2 - ok 16:55:29.0554 3632 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 16:55:29.0554 3632 srvnet - ok 16:55:29.0632 3632 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:55:29.0632 3632 stexstor - ok 16:55:29.0648 3632 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 16:55:29.0663 3632 storflt - ok 16:55:29.0679 3632 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 16:55:29.0695 3632 storvsc - ok 16:55:29.0710 3632 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 16:55:29.0710 3632 swenum - ok 16:55:29.0773 3632 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 16:55:29.0804 3632 Tcpip - ok 16:55:29.0851 3632 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 16:55:29.0882 3632 TCPIP6 - ok 16:55:29.0897 3632 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 16:55:29.0929 3632 tcpipreg - ok 16:55:29.0944 3632 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:55:29.0976 3632 TDPIPE - ok 16:55:29.0991 3632 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 16:55:30.0022 3632 TDTCP - ok 16:55:30.0038 3632 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 16:55:30.0069 3632 tdx - ok 16:55:30.0085 3632 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 16:55:30.0100 3632 TermDD - ok 16:55:30.0132 3632 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:55:30.0163 3632 tssecsrv - ok 16:55:30.0178 3632 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 16:55:30.0210 3632 tunnel - ok 16:55:30.0225 3632 uagp35 
(b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:55:30.0241 3632 uagp35 - ok 16:55:30.0256 3632 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 16:55:30.0288 3632 udfs - ok 16:55:30.0303 3632 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 16:55:30.0319 3632 uliagpkx - ok 16:55:30.0334 3632 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 16:55:30.0350 3632 umbus - ok 16:55:30.0366 3632 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:55:30.0366 3632 UmPass - ok 16:55:30.0397 3632 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 16:55:30.0412 3632 usbccgp - ok 16:55:30.0428 3632 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 16:55:30.0444 3632 usbcir - ok 16:55:30.0459 3632 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 16:55:30.0459 3632 usbehci - ok 16:55:30.0490 3632 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 16:55:30.0506 3632 usbhub - ok 16:55:30.0522 3632 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 16:55:30.0522 3632 usbohci - ok 16:55:30.0537 3632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:55:30.0553 3632 usbprint - ok 16:55:30.0568 3632 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:55:30.0584 3632 USBSTOR - ok 16:55:30.0600 3632 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:55:30.0615 3632 usbuhci - ok 16:55:30.0631 3632 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 16:55:30.0646 3632 vdrvroot - ok 16:55:30.0662 3632 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:55:30.0678 3632 vga - ok 16:55:30.0693 3632 VgaSave 
(53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:55:30.0724 3632 VgaSave - ok 16:55:30.0740 3632 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 16:55:30.0756 3632 vhdmp - ok 16:55:30.0771 3632 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 16:55:30.0771 3632 viaide - ok 16:55:30.0787 3632 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 16:55:30.0802 3632 vmbus - ok 16:55:30.0818 3632 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 16:55:30.0834 3632 VMBusHID - ok 16:55:30.0849 3632 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 16:55:30.0865 3632 volmgr - ok 16:55:30.0880 3632 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 16:55:30.0896 3632 volmgrx - ok 16:55:30.0912 3632 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 16:55:30.0927 3632 volsnap - ok 16:55:30.0943 3632 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:55:30.0958 3632 vsmraid - ok 16:55:30.0974 3632 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 16:55:30.0990 3632 vwifibus - ok 16:55:31.0005 3632 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys 16:55:31.0005 3632 wacmoumonitor - ok 16:55:31.0021 3632 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys 16:55:31.0036 3632 wacommousefilter - ok 16:55:31.0052 3632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:55:31.0068 3632 WacomPen - ok 16:55:31.0083 3632 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys 16:55:31.0083 3632 wacomvhid - ok 16:55:31.0099 3632 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 
16:55:31.0130 3632 WANARP - ok 16:55:31.0130 3632 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:55:31.0177 3632 Wanarpv6 - ok 16:55:31.0192 3632 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:55:31.0208 3632 Wd - ok 16:55:31.0224 3632 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:55:31.0239 3632 Wdf01000 - ok 16:55:31.0270 3632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:55:31.0302 3632 WfpLwf - ok 16:55:31.0317 3632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:55:31.0333 3632 WIMMount - ok 16:55:31.0348 3632 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 16:55:31.0364 3632 WinUsb - ok 16:55:31.0380 3632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:55:31.0395 3632 WmiAcpi - ok 16:55:31.0411 3632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:55:31.0458 3632 ws2ifsl - ok 16:55:31.0473 3632 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 16:55:31.0504 3632 WudfPf - ok 16:55:31.0520 3632 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:55:31.0551 3632 WUDFRd - ok 16:55:31.0582 3632 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys 16:55:31.0582 3632 xusb21 - ok 16:55:31.0614 3632 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys 16:55:31.0629 3632 yukonw7 - ok 16:55:31.0645 3632 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 16:55:31.0879 3632 \Device\Harddisk0\DR0 - ok 16:55:31.0894 3632 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 16:55:31.0894 3632 \Device\Harddisk1\DR1 - ok 16:55:31.0910 3632 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 16:55:31.0926 3632 
\Device\Harddisk2\DR2 - ok 16:55:31.0926 3632 Boot (0x1200) (c13ed3b4511fc10a77701f764ac8a026) \Device\Harddisk0\DR0\Partition0 16:55:31.0926 3632 \Device\Harddisk0\DR0\Partition0 - ok 16:55:31.0926 3632 Boot (0x1200) (9f992983f44b7ca6d4517e889a5c4ea0) \Device\Harddisk0\DR0\Partition1 16:55:31.0926 3632 \Device\Harddisk0\DR0\Partition1 - ok 16:55:31.0926 3632 Boot (0x1200) (05a1eae14d318a9e7d04794c619e2a85) \Device\Harddisk1\DR1\Partition0 16:55:31.0926 3632 \Device\Harddisk1\DR1\Partition0 - ok 16:55:31.0941 3632 Boot (0x1200) (6b1f90927ebc05fa4cae6e31425f729e) \Device\Harddisk2\DR2\Partition0 16:55:31.0941 3632 \Device\Harddisk2\DR2\Partition0 - ok 16:55:31.0941 3632 Boot (0x1200) (4bfbfd69fa607019c75dfced8f7dc624) \Device\Harddisk2\DR2\Partition1 16:55:31.0941 3632 \Device\Harddisk2\DR2\Partition1 - ok 16:55:31.0941 3632 ============================================================ 16:55:31.0941 3632 Scan finished 16:55:31.0941 3632 ============================================================ 16:55:31.0941 3928 Detected object count: 0 16:55:31.0941 3928 Actual detected object count: 0 |
10.03.2012, 16:09 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-0840.FL - Got rid of the virus? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
10.03.2012, 16:59 | #24 |
| EXP/CVE-2010-0840.FL - Got rid of the virus? Okay, done. If I saw that correctly, it deleted my XPAntispy and nothing else? And why? Infected, or because it interferes with the system? Code:
ATTFilter ComboFix 12-03-10.02 - Ragey 10.03.2012 16:50:00.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.3042 [GMT 1:00] ausgeführt von:: c:\users\Ragey\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\xp-AntiSpy c:\program files (x86)\xp-AntiSpy\Uninstall.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url c:\users\Ragey\AppData\Local\Temp\stt44EB.tmp E:\Autorun.inf F:\Autorun.inf M:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-10 bis 2012-03-10 )))))))))))))))))))))))))))))) . . 2012-03-09 06:28 . 2012-03-09 06:28 -------- d-----w- C:\_OTL 2012-03-08 12:12 . 2012-03-08 12:12 -------- d-----w- c:\program files (x86)\ESET 2012-03-06 18:09 . 2012-03-06 18:09 -------- d-----w- c:\users\Ragey\AppData\Roaming\Malwarebytes 2012-03-06 18:09 . 2012-03-06 18:09 -------- d-----w- c:\programdata\Malwarebytes 2012-03-06 18:09 . 2012-03-06 18:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-06 18:09 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-05 20:35 . 2012-03-05 20:35 -------- d-----w- c:\program files\CCleaner 2012-03-05 10:37 . 2012-03-05 10:37 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-03-05 10:37 . 2012-03-05 10:37 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-03-05 10:37 . 2012-03-05 10:37 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-03-05 10:37 . 
2012-03-05 10:37 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-03-05 10:37 . 2012-03-05 10:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2012-03-05 10:37 . 2012-03-05 10:37 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2012-03-04 20:34 . 2012-03-04 20:34 -------- d-----w- c:\users\Ragey\AppData\Roaming\TeamViewer 2012-03-03 10:18 . 2012-03-03 10:18 -------- d-----w- c:\users\Ragey\AppData\Roaming\BigHugeEngine 2012-02-23 09:21 . 2012-02-23 09:21 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-02-23 09:21 . 2012-02-23 09:21 -------- d-----w- c:\windows\system32\wbem\en-US 2012-02-18 14:59 . 2012-02-18 15:14 -------- d-----w- C:\BDS 2012-02-18 14:59 . 2012-02-18 14:59 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-02-18 14:59 . 2012-02-18 14:59 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-02-18 14:59 . 2005-11-13 22:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2012-02-18 14:59 . 2005-11-13 22:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2012-02-18 14:59 . 2005-11-13 22:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2012-02-18 14:59 . 2005-11-13 22:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2012-02-18 14:59 . 2005-11-13 22:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2012-02-18 14:59 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2012-02-14 21:40 . 
2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys 2012-02-14 21:40 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-14 21:39 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-14 21:39 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "7 Taskbar Tweaker"="c:\program files\Taskbar Tweaker\7 Taskbar Tweaker x64.exe" [2011-02-18 181248] "DeskSave"="c:\program files (x86)\Desksave\DeskSave.exe" [2008-07-26 82944] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2011-02-27 36864]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-03-06 25600]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 cpuz130;cpuz130;c:\users\Ragey\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-27 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-02-27 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ragey\AppData\Roaming\Mozilla\Firefox\Profiles\f66f7kgp.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-10 16:56:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-10 15:56
.
Vor Suchlauf: 12 Verzeichnis(se), 18.328.936.448 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 17.835.020.288 Bytes frei
.
- - End Of File - - BB1368CB119D30595000C9CC36B0BB48 |
12.03.2012, 12:19 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-0840.FL - Got rid of the virus? I don't know why CF deleted AntiSpy. It's no loss, though, because AntiSpy is pretty much nonsense. You can end up with quite a few absurd settings by using it. Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
__________________ Please always post log files in CODE tags |
12.03.2012, 14:56 | #26 |
| EXP/CVE-2010-0840.FL - Got rid of the virus? Okay, here is the log: Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 14:54:46
-----------------------------
14:54:46.058 OS Version: Windows x64 6.1.7600
14:54:46.058 Number of processors: 4 586 0xF0B
14:54:46.058 ComputerName: BANANANA UserName: Ragey
14:54:46.183 Initialize success
14:55:37.613 AVAST engine defs: 12031200
14:55:51.934 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
14:55:51.934 Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3
14:55:51.934 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
14:55:51.950 Disk 1 Vendor: OCZ-VERTEX2 1.27 Size: 57241MB BusType: 3
14:55:51.950 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
14:55:51.950 Disk 2 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3
14:55:51.950 Disk 1 MBR read successfully
14:55:51.950 Disk 1 MBR scan
14:55:51.965 Disk 1 Windows 7 default MBR code
14:55:51.965 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57139 MB offset 206848
14:55:51.965 Disk 1 scanning C:\Windows\system32\drivers
14:55:55.429 Service scanning
14:56:03.556 Modules scanning
14:56:03.556 Disk 1 trace - called modules:
14:56:03.556 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
14:56:03.572 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80044c3060]
14:56:03.572 3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> [0xfffffa8003ece520]
14:56:03.572 5 ACPI.sys[fffff88000f10781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ecf680]
14:56:03.806 AVAST engine scan C:\Windows
14:56:04.461 AVAST engine scan C:\Windows\system32
14:57:20.761 AVAST engine scan C:\Windows\system32\drivers
14:57:24.676 AVAST engine scan C:\Users\Ragey
14:57:36.657 AVAST engine scan C:\ProgramData
14:57:43.178 Scan finished successfully
14:58:21.539 Disk 1 MBR has been saved successfully to "C:\Users\Ragey\Desktop\MBR.dat"
14:58:21.539 The log file has been saved successfully to "C:\Users\Ragey\Desktop\aswMBR.txt" |
12.03.2012, 15:35 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-0840.FL - Got rid of the virus? Live system PartedMagic / GParted
1. Download the PartedMagic ISO image; it should be about 180 MB
2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
3. Boot from the burned CD, start from option 1 in the boot menu and wait until the Linux desktop is up
4. You should find a PartitionEditor icon on the desktop; double-click it
5. Once the tool has listed the partitions, please take a screenshot using the PRINT SCREEN key on the keyboard and post that screenshot here (as a rule you have internet access in PartedMagic; if not, simply save the screenshot to a USB stick and post it here from Windows)
__________________ Please always post log files in CODE tags |
12.03.2012, 17:34 | #28 |
| EXP/CVE-2010-0840.FL - Got rid of the virus? Hm, it doesn't finish booting with PartedMagic. The last entry is: PnPBios: Disabled by ACPI PNP EDIT: Or rather, on the second attempt with ACPI: ACPI bus type pnp unregistered Edited by ragey (12.03.2012 at 17:54) |
12.03.2012, 18:26 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-0840.FL - Got rid of the virus? Can you boot with Failsafe Settings?
__________________ Please always post log files in CODE tags |
12.03.2012, 18:33 | #30 |
| EXP/CVE-2010-0840.FL - Got rid of the virus? So via Failsafe -> A. Failsafe Settings? No, that doesn't work either. It hangs somewhere at PCI Bridge to bus [bus 02-02] :/ EDIT: It's not the CD, at any rate; I can boot from it on the laptop without any problem. But I seem to remember that this computer already had trouble booting from a live CD quite some time ago. Back then the system disk had died, and I think I tried it with Knoppix. Edited by ragey (12.03.2012 at 19:10) |