Malware of all kinds and how to fight it: BKA virus "Operating system locked" (Windows 7)

#1
Hello,

like several others, I fell victim to the BKA virus today. I wanted to get a new wallpaper, and then the screen turned white and a window appeared saying that my operating system had been locked because of sodomy and child pornography. I have already used the search function, but I still wanted to create a thread, since every case is individual.

What I have done so far: I managed to start safe mode and used System Restore to roll the system back to the state of 18.03.2012. After that I could start normal mode again. To be safe, I have run Avira over it so far, which reported no errors. AdAware is still running over it right now.

Nevertheless, I would like to have the whole thing checked again, hence this thread. I would be glad to get help.

Regards, and thanks in advance

Here are the Malwarebytes log(s). I aborted the first scan because I wanted to make sure once more that all updates were installed. I am posting that log anyway.

First log:
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
(X) :: -PC- [Administrator]

Schutz: Aktiviert

22.03.2012 16:29:13
mbam-log-2012-03-22 (16-29-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 37114
Laufzeit: 4 Minute(n), 12 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
(X) :: -PC- [Administrator]

Schutz: Aktiviert

22.03.2012 16:34:04
mbam-log-2012-03-22 (16-34-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 467781
Laufzeit: 2 Stunde(n), 34 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\LIMBO\TDU.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

#2
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
__________________

#3
Hello Arne,

many thanks for your reply. As far as I can remember, this Limbo was a game that a friend once linked to me. I wanted to try it, but my antivirus scanner raised an alert, so I didn't play it and left it alone. I have just looked again at the chat history in which he sent me the game. The download link was in the description of a YouTube video, but the video has since been removed. That is why I unfortunately can't tell you where it came from. On his machine the game ran without a virus alert.

Edited by Ravenlord=O (24.03.2012 at 19:57)

#4
/// Winkelfunktion /// TB-Süch-Tiger™
Please also run ESET, then we'll take it from there: ESET Online Scanner
__________________
Please always post logfiles in CODE tags

#5
Before I do something wrong, I'd rather ask: when I try to install ESET, I am shown that other antivirus software was detected, namely Windows Defender. I have just checked in the Control Panel whether it is enabled, and I'm told that it is disabled. Just continue?

#6
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, then just continue.
__________________

#7
It has just finished and found something from Softonic. Since I've already read a bit in the forum, I know that it's junk. Here is the logfile; I hope I did everything right during the scan, otherwise I'll do it again:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2b13c53eeee4d340b3c2598b5ce4c819
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 04:03:31
# local_time=2012-03-25 06:03:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 258689 258689 0 0
# compatibility_mode=5893 16776574 66 85 2776890 84312225 0 0
# compatibility_mode=8192 67108863 100 0 69896 69896 0 0
# scanned=268646
# found=1
# cleaned=0
# scan_time=9036
C:\$Recycle.Bin\S-1-5-21-1956246589-3836188182-3508371448-1001\$RD0OF5J.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

#8
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, keep your hands off the Softonic junk.

Please make a new OTL log. If possible, please post everything here in CODE tags. This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags

#9
Here is the log. The PC name has been replaced by (X), as it is my own name. I have recently created a lot of folders and downloaded PDFs for my studies; you can probably tell that I'm a mathematician. *g* Thanks in advance!
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell - "" = AutoRun O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell - "" = AutoRun O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse 
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) 
SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.lameacm - LameACM.acm (hxxp://www.mp3dev.org/) Drivers32:64bit: VIDC.FFDS - ff_vfw.dll () Drivers32:64bit: VIDC.I420 - File not found Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.i420 - i420vfw.dll File not found Drivers32: vidc.yv12 - yv12vfw.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.25 19:12:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\(X)\Desktop\OTL.exe [2012.03.24 21:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.24 21:07:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\(X)\Desktop\esetsmartinstaller_enu.exe [2012.03.23 19:10:17 | 000,000,000 | ---D | C] -- C:\Users\(X)\Documents\Uebungsblaetter [2012.03.22 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\Malwarebytes [2012.03.22 17:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.22 17:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.22 17:28:19 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.22 17:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.22 16:47:09 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\Avira [2012.03.22 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.03.22 16:41:26 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.03.22 16:41:26 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.03.22 16:41:26 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.03.22 16:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.03.22 16:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.03.09 19:27:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2012.03.09 19:27:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2012.03.04 21:23:48 | 000,000,000 | 
---D | C] -- C:\Users\(X)\AppData\Roaming\MiKTeX [2012.03.04 21:23:45 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Local\MiKTeX [2012.03.04 21:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 [2012.03.04 21:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX [2012.03.04 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\(X)\AppData\Roaming\benibela [2012.03.04 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TexMakerX [2012.03.04 20:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TexMakerX [2012.03.04 20:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9 ========== Files - Modified Within 30 Days ========== [2012.03.25 19:12:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\(X)\Desktop\OTL.exe [2012.03.25 11:26:12 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 11:26:12 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 11:22:43 | 002,239,544 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.25 11:22:43 | 001,079,816 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.25 11:22:43 | 000,620,600 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.25 11:22:43 | 000,547,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.25 11:22:43 | 000,005,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.25 11:17:09 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.03.25 11:15:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.25 11:15:26 | 3218,939,904 | -HS- | M] () -- C:\hiberfil.sys [2012.03.24 21:07:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\(X)\Desktop\esetsmartinstaller_enu.exe [2012.03.23 17:59:02 | 000,000,064 | ---- | M] () -- 
C:\Windows\SysWow64\rp_stats.dat [2012.03.23 17:59:02 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.03.22 17:28:26 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.22 16:41:47 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.21 20:02:18 | 000,646,001 | ---- | M] () -- C:\Users\(X)\Desktop\2012-03-21 18.02.19.jpg [2012.03.14 23:42:45 | 043,578,663 | ---- | M] () -- C:\Users\(X)\Documents\3Plusss - Kindskopf EP 2012.zip [2012.03.14 23:23:29 | 080,219,982 | ---- | M] () -- C:\Users\(X)\Documents\donetasy-lesbensindcoolhomossindschwul.7z [2012.03.14 19:50:17 | 000,314,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.09 13:56:25 | 000,013,012 | ---- | M] () -- C:\Users\(X)\Documents\Stundenplan_Semester_3.ods [2012.03.06 12:48:54 | 000,005,350 | ---- | M] () -- C:\Users\(X)\Documents\besser.axp [2012.03.06 12:26:40 | 000,869,772 | ---- | M] () -- C:\Users\(X)\Documents\61805-5.mp3 [2012.03.06 12:11:49 | 000,664,554 | ---- | M] () -- C:\Users\(X)\Documents\62357-3.mp3 [2012.03.06 12:11:20 | 001,313,226 | ---- | M] () -- C:\Users\(X)\Documents\62804-5.mp3 [2012.03.06 12:11:09 | 001,137,265 | ---- | M] () -- C:\Users\(X)\Documents\62804-3.mp3 [2012.03.06 12:10:04 | 000,598,307 | ---- | M] () -- C:\Users\(X)\Documents\59758-5.mp3 [2012.03.06 12:09:08 | 000,431,750 | ---- | M] () -- C:\Users\(X)\Documents\60249-3.mp3 [2012.03.06 12:08:08 | 000,708,439 | ---- | M] () -- C:\Users\(X)\Documents\61332-9.mp3 [2012.03.06 12:07:47 | 001,042,807 | ---- | M] () -- C:\Users\(X)\Documents\61332-3.mp3 [2012.03.06 12:07:09 | 001,176,136 | ---- | M] () -- C:\Users\(X)\Documents\63359-2.mp3 [2012.03.05 14:06:35 | 000,217,298 | ---- | M] () -- C:\Users\(X)\Stochastik.pdf [2012.03.05 14:06:35 | 000,012,150 | ---- | M] () -- C:\Users\(X)\Stochastik.synctex.gz [2012.03.05 14:06:35 | 000,000,009 | ---- | M] () -- C:\Users\(X)\Stochastik.aux [2012.03.05 14:06:31 | 
000,004,136 | ---- | M] () -- C:\Users\(X)\Stochastik.tex [2012.03.05 13:52:00 | 000,190,896 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.pdf [2012.03.05 13:52:00 | 000,010,182 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.synctex.gz [2012.03.05 13:52:00 | 000,003,562 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.tex [2012.03.05 13:52:00 | 000,000,009 | ---- | M] () -- C:\Users\(X)\LineareAlgebraII.aux [2012.03.05 00:16:52 | 000,211,731 | ---- | M] () -- C:\Users\(X)\Analysis.pdf [2012.03.05 00:16:52 | 000,010,052 | ---- | M] () -- C:\Users\(X)\Analysis.synctex.gz [2012.03.05 00:16:52 | 000,000,009 | ---- | M] () -- C:\Users\(X)\Analysis.aux [2012.03.05 00:16:51 | 000,003,631 | ---- | M] () -- C:\Users\(X)\Analysis.tex [2012.03.04 23:39:26 | 000,152,973 | ---- | M] () -- C:\Users\(X)\AlgebraI.pdf [2012.03.04 23:39:26 | 000,005,387 | ---- | M] () -- C:\Users\(X)\AlgebraI.synctex.gz [2012.03.04 23:39:26 | 000,002,004 | ---- | M] () -- C:\Users\(X)\AlgebraI.tex [2012.03.04 23:39:26 | 000,000,009 | ---- | M] () -- C:\Users\(X)\AlgebraI.aux [2012.03.04 23:04:19 | 000,176,411 | ---- | M] () -- C:\Users\(X)\bla.pdf [2012.03.04 23:04:19 | 000,011,706 | ---- | M] () -- C:\Users\(X)\bla.synctex.gz [2012.03.04 23:04:19 | 000,003,909 | ---- | M] () -- C:\Users\(X)\bla.tex [2012.03.04 23:04:19 | 000,000,009 | ---- | M] () -- C:\Users\(X)\bla.aux [2012.03.04 20:46:37 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\TexMakerX.lnk [2012.03.04 20:37:39 | 1223,854,878 | ---- | M] () -- C:\Users\(X)\Documents\ProTeXt-3.0-070811.exe [2012.03.04 17:36:16 | 046,751,131 | ---- | M] () -- C:\Users\(X)\Documents\The Edgar Wasser Freetrack Collection Vol. 
2.zip [2012.03.01 14:44:20 | 000,023,099 | ---- | M] () -- C:\Users\(X)\Documents\NoteCode.pdf ========== Files Created - No Company Name ========== [2012.03.24 10:54:13 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.03.22 17:28:26 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.22 16:41:47 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.21 19:08:43 | 000,646,001 | ---- | C] () -- C:\Users\(X)\Desktop\2012-03-21 18.02.19.jpg [2012.03.14 23:40:21 | 043,578,663 | ---- | C] () -- C:\Users\(X)\Documents\3Plusss - Kindskopf EP 2012.zip [2012.03.14 23:22:49 | 080,219,982 | ---- | C] () -- C:\Users\(X)\Documents\donetasy-lesbensindcoolhomossindschwul.7z [2012.03.06 12:48:54 | 000,005,350 | ---- | C] () -- C:\Users\(X)\Documents\besser.axp [2012.03.06 12:26:39 | 000,869,772 | ---- | C] () -- C:\Users\(X)\Documents\61805-5.mp3 [2012.03.06 12:11:48 | 000,664,554 | ---- | C] () -- C:\Users\(X)\Documents\62357-3.mp3 [2012.03.06 12:11:19 | 001,313,226 | ---- | C] () -- C:\Users\(X)\Documents\62804-5.mp3 [2012.03.06 12:11:08 | 001,137,265 | ---- | C] () -- C:\Users\(X)\Documents\62804-3.mp3 [2012.03.06 12:10:04 | 000,598,307 | ---- | C] () -- C:\Users\(X)\Documents\59758-5.mp3 [2012.03.06 12:09:08 | 000,431,750 | ---- | C] () -- C:\Users\(X)\Documents\60249-3.mp3 [2012.03.06 12:08:08 | 000,708,439 | ---- | C] () -- C:\Users\(X)\Documents\61332-9.mp3 [2012.03.06 12:07:46 | 001,042,807 | ---- | C] () -- C:\Users\(X)\Documents\61332-3.mp3 [2012.03.06 12:07:09 | 001,176,136 | ---- | C] () -- C:\Users\(X)\Documents\63359-2.mp3 [2012.03.05 13:07:55 | 000,190,896 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.pdf [2012.03.05 13:07:54 | 000,010,182 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.synctex.gz [2012.03.05 13:07:54 | 000,000,009 | ---- | C] () -- C:\Users\(X)\LineareAlgebraII.aux [2012.03.05 13:07:51 | 000,003,562 | ---- | C] () -- 
C:\Users\(X)\LineareAlgebraII.tex [2012.03.04 23:52:59 | 000,211,731 | ---- | C] () -- C:\Users\(X)\Analysis.pdf [2012.03.04 23:52:59 | 000,010,052 | ---- | C] () -- C:\Users\(X)\Analysis.synctex.gz [2012.03.04 23:49:34 | 000,000,009 | ---- | C] () -- C:\Users\(X)\Analysis.aux [2012.03.04 23:49:32 | 000,003,631 | ---- | C] () -- C:\Users\(X)\Analysis.tex [2012.03.04 23:26:45 | 000,152,973 | ---- | C] () -- C:\Users\(X)\AlgebraI.pdf [2012.03.04 23:26:45 | 000,005,387 | ---- | C] () -- C:\Users\(X)\AlgebraI.synctex.gz [2012.03.04 23:26:45 | 000,000,009 | ---- | C] () -- C:\Users\(X)\AlgebraI.aux [2012.03.04 23:26:31 | 000,002,004 | ---- | C] () -- C:\Users\(X)\AlgebraI.tex [2012.03.04 23:04:55 | 000,217,298 | ---- | C] () -- C:\Users\(X)\Stochastik.pdf [2012.03.04 23:04:55 | 000,012,150 | ---- | C] () -- C:\Users\(X)\Stochastik.synctex.gz [2012.03.04 23:04:55 | 000,000,009 | ---- | C] () -- C:\Users\(X)\Stochastik.aux [2012.03.04 23:04:52 | 000,004,136 | ---- | C] () -- C:\Users\(X)\Stochastik.tex [2012.03.04 21:28:27 | 000,011,706 | ---- | C] () -- C:\Users\(X)\bla.synctex.gz [2012.03.04 21:24:16 | 000,176,411 | ---- | C] () -- C:\Users\(X)\bla.pdf [2012.03.04 21:24:16 | 000,000,009 | ---- | C] () -- C:\Users\(X)\bla.aux [2012.03.04 21:23:45 | 000,003,909 | ---- | C] () -- C:\Users\(X)\bla.tex [2012.03.04 20:46:37 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\TexMakerX.lnk [2012.03.04 20:02:52 | 1223,854,878 | ---- | C] () -- C:\Users\(X)\Documents\ProTeXt-3.0-070811.exe [2012.03.04 17:29:17 | 046,751,131 | ---- | C] () -- C:\Users\(X)\Documents\The Edgar Wasser Freetrack Collection Vol. 
2.zip [2012.03.01 14:44:18 | 000,023,099 | ---- | C] () -- C:\Users\(X)\Documents\NoteCode.pdf [2011.07.14 11:57:02 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll [2011.07.14 11:57:02 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll [2011.07.14 11:57:02 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll [2011.04.22 16:59:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.04.22 16:59:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.04.13 12:02:20 | 000,005,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.22 18:56:26 | 000,245,227 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.01.22 18:56:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2010.07.22 19:01:03 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.07.20 16:56:29 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.07.19 20:56:29 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2010.06.26 16:15:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.26 10:04:21 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini ========== LOP Check ========== [2011.07.16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\.minecraft [2010.09.09 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Amazon [2011.11.11 22:33:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Audacity [2012.03.04 21:17:50 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\benibela [2010.07.22 19:01:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Canneverbe Limited [2011.10.01 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoft [2011.04.17 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.30 00:45:01 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Dyyno [2011.08.14 13:30:28 | 000,000,000 | ---D | M] -- 
C:\Users\(X)\AppData\Roaming\FileZilla [2011.08.01 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\gtk-2.0 [2012.03.25 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\ICQ [2012.03.23 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\IrfanView [2012.03.04 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\LyX2.0 [2010.10.12 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\OpenOffice.org [2010.08.23 01:43:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Publish Providers [2012.01.20 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony [2010.07.16 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony Setup [2012.03.25 11:17:09 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012.02.19 11:39:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.07.16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\.minecraft [2010.06.26 10:18:33 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Adobe [2010.09.09 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Amazon [2011.11.11 22:33:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Audacity [2012.03.22 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Avira [2012.03.04 21:17:50 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\benibela [2010.07.22 19:01:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Canneverbe Limited [2012.02.13 15:54:41 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\codeblocks [2011.04.02 00:54:31 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DivX [2011.10.01 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoft [2011.04.17 19:28:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.30 00:45:01 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Dyyno [2011.08.14 13:30:28 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\FileZilla [2011.08.01 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\gtk-2.0 [2011.01.27 22:35:37 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\HP [2012.03.25 19:15:03 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\ICQ [2010.06.26 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Identities [2012.03.23 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\IrfanView [2012.03.04 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\LyX2.0 [2010.06.26 10:02:33 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Macromedia [2012.03.22 17:28:35 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Media Center Programs [2010.12.25 00:57:22 | 000,000,000 | 
--SD | M] -- C:\Users\(X)\AppData\Roaming\Microsoft [2012.03.04 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\MiKTeX [2010.06.26 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Mozilla [2011.09.25 00:02:15 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\NCH Software [2011.08.10 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\NVIDIA [2010.10.12 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\OpenOffice.org [2010.08.23 01:43:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Publish Providers [2011.06.09 20:11:38 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Real [2012.03.25 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Skype [2011.07.05 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\skypePM [2012.01.20 20:55:43 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony [2010.07.16 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\Sony Setup [2010.07.19 21:07:29 | 000,000,000 | ---D | M] -- C:\Users\(X)\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.07.20 16:34:10 | 000,029,926 | R--- | M] () -- C:\Users\(X)\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe [2010.07.16 19:21:21 | 033,850,672 | ---- | M] (Apple Inc.) 
-- C:\Users\(X)\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 
000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 
-- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA virus "Operating system locked" Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D ED 23 E8 04 15 CB 01 [binary data]
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes,DefaultScope = {1C382ED4-890E-450E-A652-039EAB49E97E}
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{1C382ED4-890E-450E-A652-039EAB49E97E}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell - "" = AutoRun
O33 - MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell - "" = AutoRun
O33 - MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\Shell\AutoRun\command - "" = E:\pushinst.exe
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #11 |
| BKA virus "Operating system locked" Here is the log file: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1956246589-3836188182-3508371448-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1C382ED4-890E-450E-A652-039EAB49E97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C382ED4-890E-450E-A652-039EAB49E97E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1956246589-3836188182-3508371448-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32e67b21-90b2-11df-bf57-001a4f9c054a}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7e3760-8126-11df-863c-6cf0490be230}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7e3760-8126-11df-863c-6cf0490be230}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7e3760-8126-11df-863c-6cf0490be230}\ not found.
File E:\pushinst.exe not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: (X)
->Temp folder emptied: 1943242629 bytes
->Temporary Internet Files folder emptied: 159891423 bytes
->Java cache emptied: 11397444 bytes
->FireFox cache emptied: 960933711 bytes
->Flash cache emptied: 436409 bytes
User: AppData
User: copy
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 295954974 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 46780202189 bytes
Total Files Cleaned = 47.829,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_131438
Files\Folders moved on Reboot...
C:\Users\(X)\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
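Added example (not part of the thread and not OTL's own code): one way to triage a fix log like the one posted in #11, grouping each line by outcome and recomputing the cleanup total. The status phrases are taken from the log lines in this thread, not from OTL documentation, and `Entry`, `parse_fix_log`, `summarize`, `absent_targets` and `bytes_freed` are hypothetical names.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: lines copied from the fix log posted in this thread,
# cut down to one line per outcome type plus the non-zero cleanup counters.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File E:\Startme.exe not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 1943242629 bytes
->Temporary Internet Files folder emptied: 159891423 bytes
->Java cache emptied: 11397444 bytes
->FireFox cache emptied: 960933711 bytes
->Flash cache emptied: 436409 bytes
Windows Temp folder emptied: 295954974 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 46780202189 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


class Entry(NamedTuple):
    section: str  # text between the ===== markers, e.g. "OTL" or "COMMANDS"
    kind: str     # "Registry key", "Registry value", "File", "ADS", ... or "other"
    target: str   # the object the log line talks about
    status: str   # set / deleted / not_found / removed / moved / reset


SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
KIND = re.compile(
    r"^(?P<kind>64bit-Registry key|Registry key|Registry value|File|ADS) (?P<rest>.+)$"
)
EMPTIED = re.compile(r"^(?:->)?(?P<what>.+?) emptied: (?P<n>\d+) bytes$")

# Assumption: these trailing phrases are the ones seen in this thread's log.
STATUS_PATTERNS = [
    ("set", re.compile(r"^(?P<target>.+?)\|.*: value set successfully!$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.$")),
    ("removed", re.compile(r"^(?P<target>.+?) removed from .+$")),
    ("moved", re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("reset", re.compile(r"^(?P<target>.+?) reset successfully$")),
]


def parse_fix_log(text):
    """Return one Entry per log line that reports an outcome."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for status, pattern in STATUS_PATTERNS:
            hit = pattern.match(line)
            if not hit:
                continue
            target = hit.group("target")
            typed = KIND.match(target)
            kind = typed.group("kind") if typed else "other"
            if typed:
                target = typed.group("rest")
            entries.append(Entry(section, kind, target, status))
            break
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(e.status for e in entries)


def absent_targets(entries):
    """'not found' targets other than the Classes\\CLSID lookups.

    Triage heuristic (an assumption): in this thread's log every CLSID lookup
    reports 'not found', so only the remaining misses are worth a second look.
    """
    marker = "\\Classes\\CLSID\\"
    return [e.target for e in entries
            if e.status == "not_found" and marker not in e.target]


def bytes_freed(text):
    """Sum the '... emptied: N bytes' counters of the cleanup section."""
    hits = (EMPTIED.match(line.strip()) for line in text.splitlines())
    return sum(int(h.group("n")) for h in hits if h)


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("absent:", absent_targets(parsed))
    print("freed MiB:", round(bytes_freed(SAMPLE_LOG) / 2**20))
```

On the sample, the summed counters divided by 2**20 round to the 47.829,00 mb total that the log itself reports.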
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA virus "Operating system locked" Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
| | #13 |
| BKA virus "Operating system locked" TDSS log: Code:
17:42:28.0314 4900 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:42:28.0510 4900 ============================================================
17:42:28.0510 4900 Current date / time: 2012/03/26 17:42:28.0510
17:42:28.0510 4900 SystemInfo:
17:42:28.0510 4900
17:42:28.0510 4900 OS Version: 6.1.7601 ServicePack: 1.0
17:42:28.0510 4900 Product type: Workstation
17:42:28.0511 4900 ComputerName: -PC-
17:42:28.0511 4900 UserName: (X)
17:42:28.0511 4900 Windows directory: C:\Windows
17:42:28.0511 4900 System windows directory: C:\Windows
17:42:28.0511 4900 Running under WOW64
17:42:28.0511 4900 Processor architecture: Intel x64
17:42:28.0511 4900 Number of processors: 4
17:42:28.0511 4900 Page size: 0x1000
17:42:28.0511 4900 Boot type: Normal boot
17:42:28.0511 4900 ============================================================
17:42:30.0443 4900 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
17:42:30.0446 4900 \Device\Harddisk0\DR0:
17:42:30.0446 4900 MBR used
17:42:30.0446 4900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:42:30.0446 4900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BD800
17:42:30.0446 4900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0000, BlocksNum 0x4FD15800
17:42:30.0537 4900 Initialize success
17:42:30.0537 4900 ============================================================
17:43:01.0486 4888 ============================================================
17:43:01.0486 4888 Scan started
17:43:01.0486 4888 Mode: Manual; SigCheck; TDLFS;
17:43:01.0486 4888 ============================================================
17:43:02.0559 4888 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:43:02.0667 4888 1394ohci - ok
17:43:02.0706 4888 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:43:02.0719 4888 ACPI - ok
17:43:02.0760 4888 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:43:02.0929 4888 AcpiPmi - ok
17:43:02.0998 4888 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:43:03.0014 4888 adp94xx - ok
17:43:03.0035 4888 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:43:03.0048 4888 adpahci - ok
17:43:03.0064 4888 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:43:03.0075 4888 adpu320 - ok
17:43:03.0096 4888 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:43:03.0187 4888 AeLookupSvc - ok
17:43:03.0224 4888 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:43:03.0273 4888 AFD - ok
17:43:03.0291 4888 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:43:03.0301 4888 agp440 - ok
17:43:03.0317 4888 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:43:03.0367 4888 ALG - ok
17:43:03.0384 4888 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:43:03.0393 4888 aliide - ok
17:43:03.0400 4888 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:43:03.0407 4888 amdide - ok
17:43:03.0426 4888 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:43:03.0466 4888 AmdK8 - ok
17:43:03.0519 4888 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:43:03.0549 4888 AmdPPM - ok
17:43:03.0580 4888 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
17:43:03.0599 4888 amdsata - ok
17:43:03.0659 4888 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:43:03.0669 4888 amdsbs - ok
17:43:03.0685 4888 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
17:43:03.0691 4888 amdxata - ok
17:43:03.0877 4888 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:43:03.0884 4888 AntiVirSchedulerService - ok
17:43:03.0933 4888 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:43:03.0939 4888 AntiVirService - ok
17:43:03.0976 4888 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:43:04.0020 4888 AppID - ok
17:43:04.0035 4888 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:43:04.0084 4888 AppIDSvc - ok
17:43:04.0114 4888 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:43:04.0154 4888 Appinfo - ok
17:43:04.0187 4888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:43:04.0198 4888 arc - ok
17:43:04.0207 4888 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:43:04.0216 4888 arcsas - ok
17:43:04.0248 4888 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:43:04.0292 4888 AsyncMac - ok
17:43:04.0308 4888 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:43:04.0318 4888 atapi - ok
17:43:04.0351 4888 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:43:04.0401 4888 AudioEndpointBuilder - ok
17:43:04.0410 4888 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:43:04.0445 4888 AudioSrv - ok
17:43:04.0505 4888 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
17:43:04.0512 4888 avgntflt - ok
17:43:04.0541 4888 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
17:43:04.0550 4888 avipbb - ok
17:43:04.0563 4888 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:43:04.0569 4888 avkmgr - ok
17:43:04.0619 4888 AVM WLAN Connection Service (d1a9ae485fff7c72ca50d8949b2210b9) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
17:43:04.0626 4888 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
17:43:04.0626 4888 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
17:43:04.0648 4888 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
17:43:04.0655 4888 avmeject - ok
17:43:04.0694 4888 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:43:04.0779 4888 AxInstSV - ok
17:43:04.0811 4888 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:43:04.0874 4888 b06bdrv - ok
17:43:04.0894 4888 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:43:04.0916 4888 b57nd60a - ok
17:43:04.0987 4888 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:43:05.0025 4888 BDESVC - ok
17:43:05.0037 4888 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:43:05.0079 4888 Beep - ok
17:43:05.0134 4888 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:43:05.0169 4888 BFE - ok
17:43:05.0212 4888 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:43:05.0264 4888 BITS - ok
17:43:05.0295 4888 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:43:05.0335 4888 blbdrive - ok
17:43:05.0373 4888 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:43:05.0410 4888 bowser - ok
17:43:05.0452 4888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:43:05.0502 4888 BrFiltLo - ok
17:43:05.0512 4888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:43:05.0525 4888 BrFiltUp - ok
17:43:05.0593 4888 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:43:05.0640 4888 Browser - ok
17:43:05.0660 4888 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:43:05.0740 4888 Brserid - ok
17:43:05.0754 4888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:43:05.0781 4888 BrSerWdm - ok
17:43:05.0803 4888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:43:05.0847 4888 BrUsbMdm - ok
17:43:05.0853 4888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:43:05.0865 4888 BrUsbSer - ok
17:43:05.0887 4888 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:43:05.0911 4888 BTHMODEM - ok
17:43:05.0967 4888 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:43:05.0997 4888 bthserv - ok
17:43:06.0016 4888 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:43:06.0057 4888 cdfs - ok
17:43:06.0099 4888 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:43:06.0125 4888 cdrom - ok
17:43:06.0153 4888 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:43:06.0209 4888 CertPropSvc - ok
17:43:06.0216 4888 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:43:06.0229 4888 circlass - ok
17:43:06.0253 4888 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:43:06.0267 4888 CLFS - ok
17:43:06.0317 4888 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:43:06.0327 4888 clr_optimization_v2.0.50727_32 - ok
17:43:06.0370 4888 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:43:06.0379 4888 clr_optimization_v2.0.50727_64 - ok
17:43:06.0495 4888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:43:06.0516 4888 clr_optimization_v4.0.30319_32 - ok
17:43:06.0554 4888 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:43:06.0562 4888 clr_optimization_v4.0.30319_64 - ok
17:43:06.0583 4888 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:43:06.0593 4888 CmBatt - ok
17:43:06.0612 4888 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:43:06.0619 4888 cmdide - ok
17:43:06.0673 4888 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:43:06.0693 4888 CNG - ok
17:43:06.0707 4888 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:43:06.0715 4888 Compbatt - ok
17:43:06.0749 4888 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:43:06.0801 4888 CompositeBus - ok
17:43:06.0819 4888 COMSysApp - ok
17:43:06.0839 4888 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:43:06.0846 4888 crcdisk - ok
17:43:06.0880 4888 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:43:06.0939 4888 CryptSvc - ok
17:43:06.0980 4888 DCamUSBEMPIA (b1c55a95006d621d04fe4a23f86c0a54) C:\Windows\system32\DRIVERS\emDevice64.sys
17:43:07.0039 4888 DCamUSBEMPIA - ok
17:43:07.0077 4888 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:43:07.0126 4888 DcomLaunch - ok
17:43:07.0166 4888 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:43:07.0209 4888 defragsvc - ok
17:43:07.0264 4888 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:43:07.0305 4888 DfsC - ok
17:43:07.0326 4888 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:43:07.0356 4888 Dhcp - ok
17:43:07.0402 4888 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:43:07.0467 4888 discache - ok
17:43:07.0564 4888 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:43:07.0572 4888 Disk - ok
17:43:07.0621 4888 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:43:07.0663 4888 Dnscache - ok
17:43:07.0689 4888 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:43:07.0729 4888 dot3svc - ok
17:43:07.0772 4888 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:43:07.0800 4888 Dot4 - ok
17:43:07.0850 4888 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:43:07.0875 4888 Dot4Print - ok
17:43:07.0904 4888 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:43:07.0930 4888 dot4usb - ok
17:43:07.0963 4888 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:43:08.0000 4888 DPS - ok
17:43:08.0030 4888 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:43:08.0055 4888 drmkaud - ok
17:43:08.0093 4888 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:43:08.0116 4888 DXGKrnl - ok
17:43:08.0198 4888 Dyyno Launcher (2de3e24ee3409ce33f49b2d7b6603360) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
17:43:08.0208 4888 Dyyno Launcher - ok
17:43:08.0220 4888 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:43:08.0251 4888 EapHost - ok
17:43:08.0306 4888 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:43:08.0357 4888 ebdrv - ok
17:43:08.0392 4888 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:43:08.0430 4888 EFS - ok
17:43:08.0465 4888 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:43:08.0511 4888 ehRecvr - ok
17:43:08.0531 4888 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:43:08.0568 4888 ehSched - ok
17:43:08.0601 4888 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:43:08.0617 4888 elxstor - ok
17:43:08.0679 4888 emAudio (8543bb84cd5872cd1619183f5cbbe3f9) C:\Windows\system32\drivers\emAudio64.sys
17:43:08.0710 4888 emAudio - ok
17:43:08.0742 4888 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:43:08.0763 4888 ErrDev - ok
17:43:08.0795 4888 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:43:08.0842 4888 EventSystem - ok
17:43:08.0858 4888 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:43:08.0902 4888 exfat - ok
17:43:08.0920 4888 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:43:08.0964 4888 fastfat - ok
17:43:09.0007 4888 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:43:09.0050 4888 Fax - ok
17:43:09.0063 4888 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:43:09.0073 4888 fdc - ok
17:43:09.0104 4888 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:43:09.0144 4888 fdPHost - ok
17:43:09.0162 4888 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:43:09.0206 4888 FDResPub - ok
17:43:09.0218 4888 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:43:09.0227 4888 FileInfo - ok
17:43:09.0250 4888 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:43:09.0288 4888 Filetrace - ok
17:43:09.0312 4888 FiltUSBEMPIA (73fbb50c4d92adc30a9d57a269489a0b) C:\Windows\system32\DRIVERS\emFilter64.sys
17:43:09.0349 4888 FiltUSBEMPIA - ok
17:43:09.0371 4888 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:43:09.0381 4888 flpydisk - ok
17:43:09.0402 4888 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:43:09.0414 4888 FltMgr - ok
17:43:09.0471 4888 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:43:09.0517 4888 FontCache - ok
17:43:09.0597 4888 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:43:09.0604 4888 FontCache3.0.0.0 - ok
17:43:09.0620 4888 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:43:09.0630 4888 FsDepends - ok
17:43:09.0645 4888 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:43:09.0653 4888 Fs_Rec - ok
17:43:09.0708 4888 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:43:09.0723 4888 fvevol - ok
17:43:09.0766 4888 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
17:43:09.0806 4888 FWLANUSB - ok
17:43:09.0834 4888 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:43:09.0842 4888 gagp30kx - ok
17:43:09.0858 4888 gdrv - ok
17:43:09.0891 4888 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:43:09.0941 4888 gpsvc - ok
17:43:09.0961 4888 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:43:09.0998 4888 hcw85cir - ok
17:43:10.0030 4888 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:43:10.0047 4888 HdAudAddService - ok
17:43:10.0071 4888 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:43:10.0084 4888 HDAudBus - ok
17:43:10.0102 4888 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:43:10.0113 4888 HidBatt - ok
17:43:10.0124 4888 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:43:10.0137 4888 HidBth - ok
17:43:10.0146 4888 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:43:10.0170 4888 HidIr - ok
17:43:10.0203 4888 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:43:10.0247 4888 hidserv - ok
17:43:10.0288 4888 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:43:10.0298 4888 HidUsb - ok
17:43:10.0323 4888 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:43:10.0365 4888 hkmsvc - ok
17:43:10.0388 4888 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:43:10.0429 4888 HomeGroupListener - ok
17:43:10.0449 4888 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:43:10.0470 4888 HomeGroupProvider - ok
17:43:10.0674 4888 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:43:10.0693 4888 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:43:10.0693 4888 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:43:10.0714 4888 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:43:10.0718 4888 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:43:10.0718 4888 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:43:10.0784 4888 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:43:10.0841 4888 HpSAMD - ok
17:43:10.0916 4888 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:43:10.0948 4888 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:43:10.0948 4888 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:43:10.0988 4888 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:43:11.0037 4888 HTTP - ok
17:43:11.0072 4888 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:43:11.0082 4888 hwpolicy - ok
17:43:11.0142 4888 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:43:11.0153 4888 i8042prt - ok
17:43:11.0191 4888 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:43:11.0207 4888 iaStorV - ok
17:43:11.0349 4888 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:43:11.0370 4888 idsvc - ok
17:43:11.0391 4888 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:43:11.0401 4888 iirsp - ok
17:43:11.0423 4888 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:43:11.0470 4888 IKEEXT - ok
17:43:11.0540 4888 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
17:43:11.0579 4888 IntcAzAudAddService - ok
17:43:11.0597 4888 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:43:11.0604 4888 intelide - ok
17:43:11.0627 4888 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:43:11.0651 4888 intelppm - ok
17:43:11.0685 4888 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:43:11.0728 4888 IPBusEnum - ok
17:43:11.0756 4888 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:43:11.0794 4888 IpFilterDriver - ok
17:43:11.0815 4888 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:43:11.0866 4888 iphlpsvc - ok
17:43:11.0892 4888 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:43:11.0903 4888 IPMIDRV - ok
17:43:11.0925 4888 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:43:11.0964 4888 IPNAT - ok
17:43:11.0987 4888 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:43:12.0040 4888 IRENUM - ok
17:43:12.0056 4888 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:43:12.0067 4888 isapnp - ok
17:43:12.0087 4888 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:43:12.0099 4888 iScsiPrt - ok
17:43:12.0121 4888 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:43:12.0131 4888 kbdclass - ok
17:43:12.0162 4888 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:43:12.0185 4888 kbdhid - ok
17:43:12.0210 4888 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:12.0219 4888 KeyIso - ok
17:43:12.0247 4888 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:43:12.0256 4888 KSecDD - ok
17:43:12.0287 4888 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:43:12.0299 4888 KSecPkg - ok
17:43:12.0319 4888 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:43:12.0357 4888 ksthunk - ok
17:43:12.0386 4888 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:43:12.0431 4888 KtmRm - ok
17:43:12.0451 4888 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:43:12.0491 4888 LanmanServer - ok
17:43:12.0519 4888 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:43:12.0563 4888 LanmanWorkstation - ok
17:43:12.0771 4888 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:43:12.0804 4888 Lavasoft Ad-Aware Service - ok
17:43:12.0845 4888 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:43:12.0852 4888 Lavasoft Kernexplorer - ok
17:43:12.0883 4888 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
17:43:12.0890 4888 Lbd - ok
17:43:12.0934 4888 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:43:12.0974 4888 lltdio - ok
17:43:13.0002 4888 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:43:13.0047 4888 lltdsvc - ok
17:43:13.0077 4888 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:43:13.0106 4888 lmhosts - ok
17:43:13.0137 4888 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:43:13.0146 4888 LSI_FC - ok
17:43:13.0175 4888 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:43:13.0187 4888 LSI_SAS - ok
17:43:13.0197 4888 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:43:13.0205 4888 LSI_SAS2 - ok
17:43:13.0214 4888 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:43:13.0224 4888 LSI_SCSI - ok
17:43:13.0245 4888 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:43:13.0287 4888 luafv - ok
17:43:13.0314 4888 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
17:43:13.0331 4888 MarvinBus - ok
17:43:13.0376 4888 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:43:13.0384 4888 MBAMProtector - ok
17:43:13.0430 4888 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:43:13.0446 4888 MBAMService - ok
17:43:13.0470 4888 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:43:13.0494 4888 Mcx2Svc - ok
17:43:13.0515 4888 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:43:13.0523 4888 megasas - ok
17:43:13.0548 4888 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:43:13.0560 4888 MegaSR - ok
17:43:13.0620 4888 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:43:13.0662 4888 MMCSS - ok
17:43:13.0683 4888 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:43:13.0721 4888 Modem - ok
17:43:13.0758 4888 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:43:13.0786 4888 monitor - ok
17:43:13.0811 4888 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:43:13.0819 4888 mouclass - ok
17:43:13.0860 4888 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:43:13.0883 4888 mouhid - ok
17:43:13.0911 4888 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:43:13.0920 4888 mountmgr - ok
17:43:13.0953 4888 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
17:43:13.0964 4888 MpFilter - ok
17:43:14.0004 4888 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:43:14.0014 4888 mpio - ok
17:43:14.0047 4888 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:43:14.0054 4888 MpNWMon - ok
17:43:14.0070 4888 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:43:14.0099 4888 mpsdrv - ok
17:43:14.0139 4888 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:43:14.0187 4888 MpsSvc - ok
17:43:14.0213 4888 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:43:14.0241 4888 MRxDAV - ok
17:43:14.0265 4888 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:14.0298 4888 mrxsmb - ok
17:43:14.0332 4888 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:14.0360 4888 mrxsmb10 - ok
17:43:14.0377 4888 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:14.0388 4888 mrxsmb20 - ok
17:43:14.0405 4888 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:43:14.0413 4888 msahci - ok
17:43:14.0430 4888 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:43:14.0440 4888 msdsm - ok
17:43:14.0461 4888 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:43:14.0484 4888 MSDTC - ok
17:43:14.0524 4888 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:43:14.0552 4888 Msfs - ok
17:43:14.0583 4888 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:43:14.0652 4888 mshidkmdf - ok
17:43:14.0807 4888 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:43:14.0814 4888 msisadrv - ok
17:43:14.0842 4888 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:43:14.0886 4888 MSiSCSI - ok
17:43:14.0892 4888 msiserver - ok
17:43:14.0924 4888 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:43:14.0953 4888 MSKSSRV - ok
17:43:15.0068 4888 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:43:15.0076 4888 MsMpSvc - ok
17:43:15.0083 4888 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:43:15.0112 4888 MSPCLOCK - ok
17:43:15.0126 4888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:43:15.0166 4888 MSPQM - ok
17:43:15.0200 4888 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:43:15.0214 4888 MsRPC - ok
17:43:15.0238 4888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:43:15.0245 4888 mssmbios - ok
17:43:15.0262 4888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:43:15.0290 4888 MSTEE - ok
17:43:15.0298 4888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:43:15.0320 4888 MTConfig - ok
17:43:15.0352 4888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:43:15.0361 4888 Mup - ok
17:43:15.0395 4888 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:43:15.0439 4888 napagent - ok
17:43:15.0473 4888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:43:15.0506 4888 NativeWifiP - ok
17:43:15.0532 4888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:43:15.0554 4888 NDIS - ok
17:43:15.0591 4888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:43:15.0620 4888 NdisCap - ok
17:43:15.0651 4888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:43:15.0681 4888 NdisTapi - ok
17:43:15.0718 4888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:43:15.0759 4888 Ndisuio - ok
17:43:15.0833 4888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:43:15.0877 4888 NdisWan - ok
17:43:15.0905 4888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:43:15.0945 4888 NDProxy - ok
17:43:15.0984 4888 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:43:15.0999 4888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:43:15.0999 4888 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:43:16.0026 4888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:43:16.0065 4888 NetBIOS - ok
17:43:16.0096 4888 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:43:16.0126 4888 NetBT - ok
17:43:16.0159 4888 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:16.0168 4888 Netlogon - ok
17:43:16.0205 4888 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:43:16.0257 4888 Netman - ok
17:43:16.0281 4888 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:43:16.0314 4888 netprofm - ok
17:43:16.0377 4888 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:43:16.0385 4888 NetTcpPortSharing - ok
17:43:16.0399 4888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:43:16.0408 4888 nfrd960 - ok
17:43:16.0457 4888 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:43:16.0465 4888 NisDrv - ok
17:43:16.0565 4888 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
17:43:16.0579 4888 NisSrv - ok
17:43:16.0601 4888 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:43:16.0644 4888 NlaSvc - ok
17:43:16.0735 4888 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
17:43:16.0743 4888 NMSAccess - ok
17:43:16.0777 4888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:43:16.0806 4888 Npfs - ok
17:43:16.0819 4888 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:43:16.0862 4888 nsi - ok
17:43:16.0884 4888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:43:16.0924 4888 nsiproxy - ok
17:43:16.0969 4888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:43:17.0006 4888 Ntfs - ok
17:43:17.0023 4888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:43:17.0055 4888 Null - ok
17:43:17.0096 4888 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
17:43:17.0104 4888 NVHDA - ok
17:43:17.0307 4888 nvlddmkm (2b9fd17492fbd799726369f2db3e4827) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:43:17.0528 4888 nvlddmkm - ok
17:43:17.0579 4888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:43:17.0589 4888 nvraid - ok
17:43:17.0613 4888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:43:17.0623 4888 nvstor - ok
17:43:17.0641 4888 nvsvc (9d20f4a43b0e0123b1633a05bd1d7113) C:\Windows\system32\nvvsvc.exe
17:43:17.0649 4888 nvsvc - ok
17:43:17.0680 4888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:43:17.0689 4888 nv_agp - ok
17:43:17.0714 4888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:43:17.0738 4888 ohci1394 - ok
17:43:17.0767 4888 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:43:17.0810 4888 p2pimsvc - ok
17:43:17.0828 4888 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:43:17.0843 4888 p2psvc - ok
17:43:17.0887 4888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:43:17.0900 4888 Parport - ok
17:43:17.0935 4888 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:43:17.0944 4888 partmgr - ok
17:43:17.0958 4888 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:43:17.0989 4888 PcaSvc - ok
17:43:18.0013 4888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:43:18.0027 4888 pci - ok
17:43:18.0057 4888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:43:18.0066 4888 pciide - ok
17:43:18.0090 4888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:43:18.0104 4888 pcmcia - ok
17:43:18.0122 4888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:43:18.0133 4888 pcw - ok
17:43:18.0153 4888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:43:18.0201 4888 PEAUTH - ok
17:43:18.0246 4888 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:43:18.0269 4888 PerfHost - ok
17:43:18.0319 4888 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:43:18.0380 4888 pla - ok
17:43:18.0419 4888 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:43:18.0444 4888 PlugPlay - ok
17:43:18.0501 4888 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:43:18.0506 4888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:43:18.0506 4888 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:43:18.0524 4888 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:43:18.0549 4888 PNRPAutoReg - ok
17:43:18.0573 4888 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:43:18.0586 4888 PNRPsvc - ok
17:43:18.0613 4888 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:43:18.0662 4888 PolicyAgent - ok
17:43:18.0693 4888 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:43:18.0736 4888 Power - ok
17:43:18.0765 4888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:43:18.0794 4888 PptpMiniport - ok
17:43:18.0821 4888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:43:18.0846 4888 Processor - ok
17:43:18.0877 4888 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:43:18.0923 4888 ProfSvc - ok
17:43:18.0949 4888 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:18.0962 4888 ProtectedStorage - ok
17:43:19.0003 4888 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:43:19.0036 4888 Psched - ok
17:43:19.0082 4888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:43:19.0120 4888 ql2300 - ok
17:43:19.0135 4888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:43:19.0147 4888 ql40xx - ok
17:43:19.0170 4888 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:43:19.0189 4888 QWAVE - ok
17:43:19.0202 4888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:43:19.0230 4888 QWAVEdrv - ok
17:43:19.0249 4888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:43:19.0291 4888 RasAcd - ok
17:43:19.0322 4888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:43:19.0351 4888 RasAgileVpn - ok
17:43:19.0362 4888 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:43:19.0402 4888 RasAuto - ok
17:43:19.0433 4888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:43:19.0471 4888 Rasl2tp - ok
17:43:19.0505 4888 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:43:19.0553 4888 RasMan - ok
17:43:19.0591 4888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:43:19.0630 4888 RasPppoe - ok
17:43:19.0663 4888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:43:19.0698 4888 RasSstp - ok
17:43:19.0738 4888 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:43:19.0769 4888 rdbss - ok
17:43:19.0782 4888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:43:19.0802 4888 rdpbus - ok
17:43:19.0825 4888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:43:19.0854 4888 RDPCDD - ok
17:43:19.0867 4888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:43:19.0911 4888 RDPENCDD - ok
17:43:19.0938 4888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:43:19.0968 4888 RDPREFMP - ok
17:43:20.0008 4888 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:43:20.0026 4888 RDPWD - ok
17:43:20.0061 4888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:43:20.0072 4888 rdyboost - ok
17:43:20.0104 4888 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:43:20.0148 4888 RemoteAccess - ok
17:43:20.0172 4888 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:43:20.0217 4888 RemoteRegistry - ok
17:43:20.0254 4888 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:43:20.0285 4888 RpcEptMapper - ok
17:43:20.0293 4888 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:43:20.0317 4888 RpcLocator - ok
17:43:20.0342 4888 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:43:20.0374 4888 RpcSs - ok
17:43:20.0392 4888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:43:20.0422 4888 rspndr - ok
17:43:20.0471 4888 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:43:20.0483 4888 RTL8167 - ok
17:43:20.0564 4888 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
17:43:20.0593 4888 s0016bus - ok
17:43:20.0670 4888 s1029bus (68f717bc57b0fe12011eb9517c97f78d) C:\Windows\system32\DRIVERS\s1029bus.sys
17:43:20.0678 4888 s1029bus - ok
17:43:20.0685 4888 s1029mdfl (fcfafa529f4fa27b02fce1e52a84922e) C:\Windows\system32\DRIVERS\s1029mdfl.sys
17:43:20.0691 4888 s1029mdfl - ok
17:43:20.0719 4888 s1029mdm (35bd0866eb422ab2d7c8f0ddcc67bf7c) C:\Windows\system32\DRIVERS\s1029mdm.sys
17:43:20.0727 4888 s1029mdm - ok
17:43:20.0735 4888 s1029mgmt (e0fd4f4f42b76e910cc4295c97aa30ba) C:\Windows\system32\DRIVERS\s1029mgmt.sys
17:43:20.0744 4888 s1029mgmt - ok
17:43:20.0772 4888 s1029nd5 (90276f1d842eb96f82510e73fdb792ad) C:\Windows\system32\DRIVERS\s1029nd5.sys
17:43:20.0779 4888 s1029nd5 - ok
17:43:20.0787 4888 s1029obex (128ed45223fab846e8436a2f2baebb55) C:\Windows\system32\DRIVERS\s1029obex.sys
17:43:20.0795 4888 s1029obex - ok
17:43:20.0804 4888 s1029unic (400fc5591586a1dfecf7a0cfaa6b0d68) C:\Windows\system32\DRIVERS\s1029unic.sys
17:43:20.0813 4888 s1029unic - ok
17:43:20.0846 4888 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:20.0855 4888 SamSs - ok
17:43:20.0886 4888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:43:20.0895 4888 sbp2port - ok
17:43:20.0934 4888 ScanUSBEMPIA (eecbbf7d76300e5558d316983961ffc1) C:\Windows\system32\DRIVERS\emScan64.sys
17:43:20.0958 4888 ScanUSBEMPIA - ok
17:43:20.0992 4888 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:43:21.0032 4888 SCardSvr - ok
17:43:21.0064 4888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:43:21.0094 4888 scfilter - ok
17:43:21.0135 4888 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:43:21.0184 4888 Schedule - ok
17:43:21.0207 4888 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:43:21.0238 4888 SCPolicySvc - ok
17:43:21.0267 4888 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:43:21.0313 4888 SDRSVC - ok
17:43:21.0329 4888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:43:21.0372 4888 secdrv - ok
17:43:21.0398 4888 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:43:21.0443 4888 seclogon - ok
17:43:21.0461 4888 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:43:21.0492 4888 SENS - ok
17:43:21.0505 4888 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:43:21.0520 4888 SensrSvc - ok
17:43:21.0563 4888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:43:21.0572 4888 Serenum - ok
17:43:21.0585 4888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:43:21.0610 4888 Serial - ok
17:43:21.0646 4888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:43:21.0656 4888 sermouse - ok
17:43:21.0690 4888 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:43:21.0737 4888 SessionEnv - ok
17:43:21.0761 4888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:43:21.0800 4888 sffdisk - ok
17:43:21.0813 4888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:43:21.0833 4888 sffp_mmc - ok
17:43:21.0839 4888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:43:21.0856 4888 sffp_sd - ok
17:43:21.0882 4888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:43:21.0901 4888 sfloppy - ok
17:43:21.0925 4888 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:43:21.0963 4888 SharedAccess - ok
17:43:21.0996 4888 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:43:22.0030 4888 ShellHWDetection - ok
17:43:22.0049 4888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:43:22.0058 4888 SiSRaid2 - ok
17:43:22.0067 4888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:43:22.0076 4888 SiSRaid4 - ok
17:43:22.0109 4888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:43:22.0139 4888 Smb - ok
17:43:22.0170 4888 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:43:22.0182 4888 SNMPTRAP - ok
17:43:22.0197 4888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:43:22.0205 4888 spldr - ok
17:43:22.0233 4888 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:43:22.0266 4888 Spooler - ok
17:43:22.0340 4888 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:43:22.0413 4888 sppsvc - ok
17:43:22.0430 4888 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:43:22.0470 4888 sppuinotify - ok
17:43:22.0509 4888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:43:22.0530 4888 srv - ok
17:43:22.0552 4888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:43:22.0575 4888 srv2 - ok
17:43:22.0596 4888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:43:22.0622 4888 srvnet - ok
17:43:22.0642 4888 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:43:22.0673 4888 SSDPSRV - ok
17:43:22.0688 4888 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:43:22.0718 4888 SstpSvc - ok
17:43:22.0765 4888 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
17:43:22.0785 4888 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:43:22.0785 4888 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:43:22.0872 4888 Stereo Service (bad795e567a323481813c88db8bc8fdf) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:43:22.0880 4888 Stereo Service - ok
17:43:22.0898 4888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:43:22.0906 4888 stexstor - ok
17:43:22.0948 4888 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:43:22.0970 4888 stisvc - ok
17:43:23.0003 4888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:43:23.0011 4888 swenum - ok
17:43:23.0038 4888 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:43:23.0086 4888 swprv - ok
17:43:23.0137 4888 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:43:23.0185 4888 SysMain - ok
17:43:23.0213 4888 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:43:23.0239 4888 TabletInputService - ok
17:43:23.0259 4888 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:43:23.0303 4888 TapiSrv - ok
17:43:23.0320 4888 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:43:23.0350 4888 TBS - ok
17:43:23.0409 4888 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:43:23.0447 4888 Tcpip - ok
17:43:23.0487 4888 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:43:23.0517 4888 TCPIP6 - ok
17:43:23.0552 4888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:43:23.0594 4888 tcpipreg - ok
17:43:23.0624 4888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:43:23.0633 4888 TDPIPE - ok
17:43:23.0662 4888 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:43:23.0686 4888 TDTCP - ok
17:43:23.0725 4888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:43:23.0764 4888 tdx - ok
17:43:23.0789 4888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:43:23.0797 4888 TermDD - ok
17:43:23.0818 4888 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:43:23.0870 4888 TermService - ok
17:43:23.0893 4888 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:43:23.0924 4888 Themes - ok
17:43:23.0953 4888 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:43:23.0982 4888 THREADORDER - ok
17:43:24.0009 4888 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:43:24.0057 4888 TrkWks - ok
17:43:24.0100 4888 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:43:24.0138 4888 TrustedInstaller - ok
17:43:24.0165 4888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:43:24.0193 4888 tssecsrv - ok
17:43:24.0223 4888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:43:24.0253 4888 TsUsbFlt - ok
17:43:24.0305 4888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:43:24.0349 4888 tunnel - ok
17:43:24.0373 4888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:43:24.0382 4888 uagp35 - ok
17:43:24.0410 4888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:43:24.0455 4888 udfs - ok
17:43:24.0467 4888 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:43:24.0479 4888 UI0Detect - ok
17:43:24.0505 4888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:43:24.0513 4888 uliagpkx - ok
17:43:24.0546 4888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:43:24.0557 4888 umbus - ok
17:43:24.0573 4888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:43:24.0584 4888 UmPass - ok
17:43:24.0607 4888 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:43:24.0656 4888 upnphost - ok
17:43:24.0695 4888 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:43:24.0714 4888 usbaudio - ok
17:43:24.0727 4888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:43:24.0758 4888 usbccgp - ok
17:43:24.0800 4888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:43:24.0816 4888 usbcir - ok
17:43:24.0833 4888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:43:24.0854 4888 usbehci - ok
17:43:24.0898 4888 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
17:43:24.0904 4888 usbfilter - ok
17:43:24.0939 4888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:43:24.0970 4888 usbhub - ok
17:43:24.0992 4888 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:43:25.0014 4888 usbohci - ok
17:43:25.0049 4888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:43:25.0070 4888 usbprint - ok
17:43:25.0111 4888 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:43:25.0123 4888 usbscan - ok
17:43:25.0148 4888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:43:25.0180 4888 USBSTOR - ok
17:43:25.0198 4888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:43:25.0217 4888 usbuhci - ok
17:43:25.0249 4888 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:43:25.0293 4888 UxSms - ok
17:43:25.0333 4888 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:43:25.0342 4888 VaultSvc - ok
17:43:25.0362 4888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:43:25.0373 4888 vdrvroot - ok
17:43:25.0412 4888 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:43:25.0455 4888 vds - ok
17:43:25.0472 4888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:43:25.0484 4888 vga - ok
17:43:25.0503 4888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:43:25.0543 4888 VgaSave - ok
17:43:25.0565 4888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:43:25.0577 4888 vhdmp - ok
17:43:25.0599 4888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:43:25.0607 4888 viaide - ok
17:43:25.0620 4888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:43:25.0629 4888 volmgr - ok
17:43:25.0654 4888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:43:25.0668 4888 volmgrx - ok
17:43:25.0683 4888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:43:25.0695 4888 volsnap - ok
17:43:25.0716 4888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:43:25.0726 4888 vsmraid - ok
17:43:25.0775 4888 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:43:25.0830 4888 VSS - ok
17:43:25.0848 4888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:43:25.0868 4888 vwifibus - ok
17:43:25.0891 4888 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:43:25.0925 4888 W32Time - ok
17:43:25.0938 4888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:43:25.0960 4888 WacomPen - ok
17:43:25.0977 4888 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:43:26.0005 4888 WANARP - ok
17:43:26.0008 4888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:43:26.0035 4888 Wanarpv6 - ok
17:43:26.0176 4888 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:43:26.0204 4888 WatAdminSvc - ok
17:43:26.0247 4888 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:43:26.0290 4888 wbengine - ok
17:43:26.0316 4888 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:43:26.0332 4888 WbioSrvc - ok
17:43:26.0351 4888 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:43:26.0384 4888 wcncsvc - ok
17:43:26.0390 4888 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:43:26.0413 4888 WcsPlugInService - ok
17:43:26.0430 4888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:43:26.0439 4888 Wd - ok
17:43:26.0461 4888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:43:26.0479 4888 Wdf01000 - ok
17:43:26.0495 4888 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:43:26.0554 4888 WdiServiceHost - ok
17:43:26.0557 4888 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:43:26.0572 4888 WdiSystemHost - ok
17:43:26.0608 4888 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:43:26.0638 4888 WebClient - ok
17:43:26.0646 4888 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:43:26.0687 4888 Wecsvc - ok
17:43:26.0711 4888 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:43:26.0758 4888 wercplsupport - ok
17:43:26.0814 4888 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:43:26.0854 4888 WerSvc - ok
17:43:26.0873 4888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:43:26.0901 4888 WfpLwf - ok
17:43:26.0917 4888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:43:26.0925 4888 WIMMount - ok
17:43:26.0948 4888 WinDefend - ok
17:43:26.0954 4888 WinHttpAutoProxySvc - ok
17:43:26.0996 4888 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:43:27.0027 4888 Winmgmt - ok
17:43:27.0081 4888 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:43:27.0135 4888 WinRM - ok
17:43:27.0175 4888 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:43:27.0198 4888 WinUsb - ok
17:43:27.0231 4888 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:43:27.0265 4888 Wlansvc - ok
17:43:27.0303 4888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:43:27.0314 4888 WmiAcpi - ok
17:43:27.0336 4888 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:43:27.0364 4888 wmiApSrv - ok
17:43:27.0391 4888 WMPNetworkSvc - ok
17:43:27.0420 4888 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:43:27.0440 4888 WPCSvc - ok
17:43:27.0470 4888 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:43:27.0483 4888 WPDBusEnum - ok
17:43:27.0492 4888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:43:27.0536 4888 ws2ifsl - ok
17:43:27.0552 4888 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:43:27.0581 4888 wscsvc - ok
17:43:27.0587 4888 WSearch - ok
17:43:27.0640 4888 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:43:27.0708 4888 wuauserv - ok
17:43:27.0743 4888 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:43:27.0771 4888 WudfPf - ok
17:43:27.0801 4888 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:43:27.0845 4888 WUDFRd - ok
17:43:27.0878 4888 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:43:27.0907 4888 wudfsvc - ok
17:43:27.0925 4888 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:43:27.0955 4888 WwanSvc - ok
17:43:28.0008 4888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:43:28.0099 4888 \Device\Harddisk0\DR0 - ok
17:43:28.0102 4888 Boot (0x1200) (7112c294c96c9ce0c5fbbb45dd64624a) \Device\Harddisk0\DR0\Partition0
17:43:28.0103 4888 \Device\Harddisk0\DR0\Partition0 - ok
17:43:28.0132 4888 Boot (0x1200) (e663cdf163cda29cd1f158d727afe038) \Device\Harddisk0\DR0\Partition1
17:43:28.0133 4888 \Device\Harddisk0\DR0\Partition1 - ok
17:43:28.0155 4888 Boot (0x1200) (09022e3159cefb407e35149eab6dd751) \Device\Harddisk0\DR0\Partition2
17:43:28.0156 4888 \Device\Harddisk0\DR0\Partition2 - ok
17:43:28.0157 4888 ============================================================
17:43:28.0157 4888 Scan finished
17:43:28.0157 4888 ============================================================
17:43:28.0167 4380 Detected object count: 7
17:43:28.0167 4380 Actual detected object count: 7
17:43:35.0578 4380 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0578 4380 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:43:35.0580 4380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0580 4380 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:43:35.0581 4380 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0581 4380 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:43:35.0583 4380 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0583 4380 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:43:35.0584 4380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0585 4380 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:43:35.0586 4380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0586 4380 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:43:35.0588 4380 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:43:35.0588 4380 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA virus "Operating system locked" Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #15 |
| BKA virus "Operating system locked" Here you go: Code:
ATTFilter ComboFix 12-03-26.02 - (X) 27.03.2012 0:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4093.2826 [GMT 2:00]
ausgeführt von:: c:\users\(X)\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-26 bis 2012-03-26 ))))))))))))))))))))))))))))))
.
.
2012-03-26 22:30 . 2012-03-26 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-26 11:38 . 2012-03-13 19:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AE2217D-394F-4DDC-8A97-89648E19A3BA}\mpengine.dll
2012-03-26 11:14 . 2012-03-26 11:14 -------- d-----w- C:\_OTL
2012-03-24 19:07 . 2012-03-24 19:07 -------- d-----w- c:\program files (x86)\ESET
2012-03-22 15:28 . 2012-03-22 15:28 -------- d-----w- c:\users\(X)\AppData\Roaming\Malwarebytes
2012-03-22 15:28 . 2012-03-22 15:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-22 15:28 . 2012-03-22 15:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 15:28 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 14:47 . 2012-03-22 14:47 -------- d-----w- c:\users\(X)\AppData\Roaming\Avira
2012-03-22 14:41 . 2012-03-22 14:41 -------- d-----w- c:\programdata\Avira
2012-03-22 14:41 . 2012-03-22 14:41 -------- d-----w- c:\program files (x86)\Avira
2012-03-22 14:41 . 2012-01-31 07:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-22 14:41 . 2012-01-31 07:56 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-22 14:41 . 2011-09-16 15:08 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-16 10:50 . 2012-03-16 10:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-16 10:50 . 2012-03-16 10:50 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 13:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:00 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:00 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:00 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-09 17:27 . 2012-03-09 17:27 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-09 17:27 . 2012-03-09 17:27 -------- d-----w- c:\windows\system32\Wat
2012-03-06 10:28 . 2012-03-06 10:28 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-04 19:23 . 2012-03-04 19:23 -------- d-----w- c:\users\(X)\AppData\Roaming\MiKTeX
2012-03-04 19:23 . 2012-03-04 19:23 -------- d-----w- c:\users\(X)\AppData\Local\MiKTeX
2012-03-04 19:05 . 2012-03-04 19:05 -------- d-----w- c:\programdata\MiKTeX
2012-03-04 18:47 . 2012-03-04 19:17 -------- d-----w- c:\users\(X)\AppData\Roaming\benibela
2012-03-04 18:46 . 2012-03-04 18:46 -------- d-----w- c:\program files (x86)\TexMakerX
2012-03-04 18:43 . 2012-03-04 19:00 -------- d-----w- c:\program files (x86)\MiKTeX 2.9
2012-03-04 18:40 . 2011-06-10 13:14 15672645 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\TexMakerX\texmakerx21_win32-install.exe
2012-03-04 18:40 . 2011-06-20 13:18 5779456 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\tm\packages\setup-2.9.3959.exe
2012-03-04 18:39 . 2011-06-20 13:18 5779456 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\MiKTeX\setup\setup-2.9.3959.exe
2012-03-04 18:39 . 2009-11-03 23:00 655872 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcr90.dll
2012-03-04 18:39 . 2009-11-03 23:00 568832 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcp90.dll
2012-03-04 18:39 . 2009-11-03 23:00 224768 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\Microsoft.VC90.CRT\msvcm90.dll
2012-03-04 18:39 . 2011-06-21 10:16 2042368 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w32.exe
2012-03-04 18:39 . 2011-06-21 10:15 2188288 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv491w64.exe
2012-03-04 18:39 . 2011-06-10 13:14 1502208 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gsv49w32.exe
2012-03-04 18:39 . 2011-06-21 10:14 12592939 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w64.exe
2012-03-04 18:39 . 2011-06-21 10:13 12317403 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\gsv\gs902w32.exe
2012-03-04 18:39 . 2011-07-06 15:37 131584 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\Setup.exe
2012-03-04 18:39 . 2009-10-26 08:24 2149888 ----a-w- c:\program files (x86)\Mozilla Firefox\ProTeXt\python26.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 19:27 . 2010-06-27 08:40 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-21 17:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-21 17:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-10 10:14 . 2012-02-10 10:15 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{795E9DAC-0F22-43E2-817E-875C8214CF11}\gapaengine.dll
2012-01-31 12:44 . 2010-06-26 08:17 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-16 13:35 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 13:35 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 13:34 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 13:34 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 13:34 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2006-05-03 09:06 163328 --sha-w- c:\windows\SysWOW64\flvDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\(X)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 07:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\(X)\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\(X)\AppData\Roaming\Mozilla\Firefox\Profiles\9yu0btdu.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.germansmash.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27 00:38:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-26 22:38
.
Vor Suchlauf: 15 Verzeichnis(se), 74.772.619.264 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 74.149.556.224 Bytes frei
.
- - End Of File - - 7E79439C4C1500228CB6CDA2E9AEF6EC