
Pests of all kinds and how to fight them: Opened a link via Facebook, virus?

22.10.2011, 07:25   #1
D.A.U.

Opened a link via Facebook, virus?

Hello, I have the following problem. I opened the following link via Facebook: [link removed by cosinus]

Since then my Microsoft Security Essentials keeps showing worm/trojan alerts, which was not the case at all before. I am currently running another full scan. What is this THING doing to my computer now? I am now always afraid to log in anywhere, because I fear that the data is being spied on (online banking, email, eBay, etc.).

I would be very glad of help. But I have to add that I know very little about computers; for example, the log files one reads about so often mean nothing to me. If someone should take pity and help me, I ask you to bring patience.
Thanks

Since nobody is answering me, I have probably done something wrong in my posts. Since I know little about computers, I will simply show you the screenshot of the worms that were found.

My computer has Windows 7. If further data is needed, please let me know.

Since the topics/problems posted after mine have been answered, I assume that data is still needed from me; since I do not know what it is, I ask a moderator to briefly give me a pointer.
Attached image thumbnails
-wurm.jpg

Edited by cosinus (23.10.2011 at 19:32)

23.10.2011, 19:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

24.10.2011, 18:23   #3
D.A.U.

Hello, here is the hopefully correct log file from Malwarebytes.

I always get stuck at the second step. The ESET Online Scanner shows me the following there: Can not get update. Is proxy configured?

Attached files
File type: txt mbam-log-2011-10-23 (13-40-51).txt (1.5 KB, viewed 192 times)

24.10.2011, 18:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Can not get update. Is proxy configured?
1.) Please note => http://www.trojaner-board.de/94344-p...n-pruefen.html
2.) Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

24.10.2011, 21:40   #5
D.A.U.

This is what it spits out for me now.

Oh, and there is still the question about online banking, eBay, email etc. Can I use those safely? THANKS :-)

Attached files
File type: txt log.txt (2.1 KB, viewed 191 times)

Edited by D.A.U. (24.10.2011 at 21:58)

25.10.2011, 10:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Oh, and there is still the question about online banking, eBay, email etc. Can I use those safely? THANKS :-)
For now, please not with this computer; I do not yet know exactly what state it is in.

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

25.10.2011, 18:20   #7
D.A.U.

Hello, here is the result from OTL, and thank you Cosinus for the effort and work you are putting in. You are really helping me a lot with this. Thanks
OTL log file:
Code:
OTL logfile created on: 10/25/2011 7:02:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Toni\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 67.78% Memory free
7.71 Gb Paging File | 6.27 Gb Available in Paging File | 81.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 14.23 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive D: | 345.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive E: | 6.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: SGD1953 | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/10/25 18:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Downloads\OTL.exe
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2011/01/17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/05 10:08:56 | 003,241,840 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/30 10:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/13 20:02:13 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/07/07 20:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/12/21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/23 22:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/11 22:00:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/07 21:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 20:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 06:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/21 06:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/22 04:51:46 | 003,062,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/02/26 09:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/12/16 23:50:04 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\EX64.SYS -- (NAVEX15)
DRV - [2010/12/16 23:50:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\ENG64.SYS -- (NAVENG)
DRV - [2010/11/23 04:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/09 02:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/10/21 22:54:45 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/10/21 22:54:45 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/23 23:31:32 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49919
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Toni\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/09/27 20:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_2_3 [2011/10/25 18:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/05 14:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/24 19:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 19:16:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/05 14:22:21 | 000,000,000 | ---D | M]
 
[2010/10/22 10:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions
[2011/10/25 19:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions
[2010/11/10 17:37:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/30 00:44:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/08 11:48:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/14 21:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml
[2011/08/29 23:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml
[2011/09/15 23:06:40 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml
[2011/09/27 20:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml
[2011/10/24 19:16:53 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml
[2010/11/10 17:37:34 | 000,000,168 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif
[2010/11/10 17:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src
[2011/07/28 06:37:43 | 000,001,056 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml
[2011/10/24 21:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/10/13 20:00:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/05 14:22:21 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/10/25 18:37:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\COFFPLGN_2011_7_2_3
[2011/09/27 20:24:56 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPLGN
[2011/10/13 19:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/29 13:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2011/08/03 22:01:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/03 22:01:11 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/03 22:01:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/03 22:01:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/03 22:01:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0342942-4453-4215-9D4F-880EB5D5B723}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C0B94-38B3-412C-87B5-05FAB074023D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011/09/07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/24 23:57:42 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Zattoo
[2011/10/24 23:56:25 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2011/10/24 23:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2011/10/24 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2011/10/24 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\ElevatedDiagnostics
[2011/10/24 19:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/23 11:49:23 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes
[2011/10/23 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 11:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 11:49:12 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/23 11:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/16 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\8FD92
[2011/10/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\DA98F
[2011/10/15 16:25:57 | 000,000,000 | RHSD | C] -- C:\Users\Toni\M-1-52-5782-8752-5245
[2011/10/14 21:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/10/14 21:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/10/14 21:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/10/14 21:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/10/14 21:43:04 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Microsoft Help
[2011/10/14 21:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/10/13 20:36:23 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org
[2011/10/13 20:01:52 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/10/13 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/10/13 20:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/13 20:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/13 19:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/10/13 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2011/09/27 19:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/09/27 19:34:45 | 000,000,000 | ---D | C] -- C:\Users\Toni\Documents\FIFA 12
[2011/09/27 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2011/09/27 19:25:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011/09/27 18:34:31 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Origin
[2011/09/27 18:34:30 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\Origin
[2011/09/27 18:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/09/27 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/09/27 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/25 18:43:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 18:43:28 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 18:34:50 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 18:34:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/25 18:34:21 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 00:21:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 23:59:13 | 000,017,408 | ---- | M] () -- C:\Users\Toni\AppData\Local\WebpageIcons.db
[2011/10/24 23:56:26 | 000,001,868 | ---- | M] () -- C:\Users\Toni\Desktop\Zattoo.lnk
[2011/10/23 11:49:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 23:04:30 | 000,000,000 | ---- | M] () -- C:\Users\Toni\defogger_reenable
[2011/10/22 13:51:00 | 000,203,650 | ---- | M] () -- C:\Users\Toni\Desktop\wurm.jpg
[2011/10/19 23:32:42 | 001,506,782 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/19 23:32:42 | 000,656,944 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/10/19 23:32:42 | 000,618,786 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/19 23:32:42 | 000,131,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/10/19 23:32:42 | 000,107,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/19 17:13:36 | 000,448,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/17 23:32:53 | 000,610,304 | ---- | M] () -- C:\Users\Toni\Desktop\eichmüller#.pub
[2011/10/13 20:37:14 | 000,001,235 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/10/13 20:01:55 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/09/27 19:25:28 | 000,001,255 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2011/09/27 18:37:57 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
 
========== Files Created - No Company Name ==========
 
[2011/10/24 23:57:42 | 000,017,408 | ---- | C] () -- C:\Users\Toni\AppData\Local\WebpageIcons.db
[2011/10/24 23:56:26 | 000,001,868 | ---- | C] () -- C:\Users\Toni\Desktop\Zattoo.lnk
[2011/10/23 11:49:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 23:04:30 | 000,000,000 | ---- | C] () -- C:\Users\Toni\defogger_reenable
[2011/10/22 13:50:59 | 000,203,650 | ---- | C] () -- C:\Users\Toni\Desktop\wurm.jpg
[2011/10/17 23:32:52 | 000,610,304 | ---- | C] () -- C:\Users\Toni\Desktop\eichmüller#.pub
[2011/10/13 20:37:14 | 000,001,235 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/10/13 20:01:54 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/09/27 19:25:27 | 000,001,255 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2011/09/27 18:32:31 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/05/14 12:50:44 | 000,695,578 | ---- | C] () -- C:\windows\unins000.exe
[2011/05/14 12:50:44 | 000,005,944 | ---- | C] () -- C:\windows\unins000.dat
[2010/11/05 14:07:01 | 000,266,118 | ---- | C] () -- C:\windows\hpwins23.dat
[2010/10/27 11:57:29 | 001,533,476 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/10/21 20:57:57 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/17 20:53:19 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/08/17 06:09:26 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/08/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/08/17 05:12:01 | 000,002,076 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/11/06 11:17:18 | 000,001,843 | ---- | C] () -- C:\windows\hpwmdl23.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/10/17 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\8FD92
[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM
[2011/10/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DA98F
[2011/07/28 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoft
[2011/07/27 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech
[2011/10/13 20:36:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org
[2011/09/27 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Origin
[2011/08/09 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\SoftGrid Client
[2010/10/21 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Tific
[2010/10/27 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TP
[2009/07/14 07:08:49 | 000,027,552 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/17 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\8FD92
[2010/10/22 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Adobe
[2010/10/21 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\ATI
[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM
[2010/11/06 00:55:10 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\CyberLink
[2011/10/17 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DA98F
[2011/07/28 22:56:55 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoft
[2011/07/27 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/05 15:18:56 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\HP
[2010/10/21 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Identities
[2010/10/22 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\InstallShield
[2011/04/27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech
[2010/10/21 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Macromedia
[2011/10/23 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Malwarebytes
[2010/08/17 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Media Center Programs
[2011/10/16 00:32:56 | 000,000,000 | --SD | M] -- C:\Users\Toni\AppData\Roaming\Microsoft
[2011/05/14 12:50:44 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Mozilla
[2011/10/13 20:36:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\OpenOffice.org
[2011/09/27 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Origin
[2010/10/21 22:29:49 | 000,000,000 | RH-D | M] -- C:\Users\Toni\AppData\Roaming\SecuROM
[2011/08/09 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\SoftGrid Client
[2010/10/21 22:01:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Tific
[2010/10/27 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TP
[2010/11/08 01:23:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\vlc
[2011/04/28 13:46:19 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643

< End of report >
         
--- --- ---

25.10.2011, 18:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49919
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 0
[2010/11/10 17:37:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/10/30 00:44:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/08 11:48:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/14 21:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml
[2011/08/29 23:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml
[2011/09/15 23:06:40 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml
[2011/09/27 20:45:56 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml
[2011/10/24 19:16:53 | 000,000,950 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml
[2010/11/10 17:37:34 | 000,000,168 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif
[2010/11/10 17:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src
[2011/07/28 06:37:43 | 000,001,056 | ---- | M] () -- C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011/09/07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/09/07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/08/24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
[2011/10/16 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\8FD92
[2011/10/16 00:32:57 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\DA98F
[2011/10/15 16:25:57 | 000,000,000 | RHSD | C] -- C:\Users\Toni\M-1-52-5782-8752-5245
[2011/07/27 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\BOM
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


25.10.2011, 19:02   #9
D.A.U.
 



After the restart it spat out the following:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\modules\third-party folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\modules folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults\preferences folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\components folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\chrome folder moved successfully.
Folder move failed. C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} scheduled to be moved on reboot.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EADM deleted successfully.
C:\Program Files (x86)\Origin\Origin.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File  not found.
File move failed. E:\Autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f203e9f-c759-11df-9c03-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\Toni\AppData\Roaming\8FD92 folder moved successfully.
C:\Users\Toni\AppData\Roaming\DA98F folder moved successfully.
C:\Users\Toni\M-1-52-5782-8752-5245 folder moved successfully.
C:\Users\Toni\AppData\Roaming\BOM folder moved successfully.
ADS C:\ProgramData\Temp:8530A643 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Toni
->Temp folder emptied: 906894369 bytes
->Temporary Internet Files folder emptied: 41489392 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58192043 bytes
->Flash cache emptied: 114274 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152948836 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 3840910473 bytes
 
Total Files Cleaned = 4,769.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10252011_195139

Files\Folders moved on Reboot...
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\6foxmvb8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} folder moved successfully.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\Toni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Edited by cosinus (25.10.2011 at 19:45). Reason: Please post in CODE tags!!

25.10.2011, 19:23   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, as a result of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

25.10.2011, 19:42   #11
D.A.U.
 



Code:
20:40:01.0533 1140	TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:40:01.0780 1140	============================================================
20:40:01.0780 1140	Current date / time: 2011/10/25 20:40:01.0780
20:40:01.0780 1140	SystemInfo:
20:40:01.0781 1140	
20:40:01.0781 1140	OS Version: 6.1.7600 ServicePack: 0.0
20:40:01.0781 1140	Product type: Workstation
20:40:01.0781 1140	ComputerName: SGD1953
20:40:01.0781 1140	UserName: Toni
20:40:01.0781 1140	Windows directory: C:\windows
20:40:01.0781 1140	System windows directory: C:\windows
20:40:01.0781 1140	Running under WOW64
20:40:01.0782 1140	Processor architecture: Intel x64
20:40:01.0782 1140	Number of processors: 4
20:40:01.0782 1140	Page size: 0x1000
20:40:01.0782 1140	Boot type: Normal boot
20:40:01.0782 1140	============================================================
20:40:02.0336 1140	Initialize success
20:41:05.0885 4952	============================================================
20:41:05.0885 4952	Scan started
20:41:05.0885 4952	Mode: Manual; SigCheck; TDLFS; 
20:41:05.0885 4952	============================================================
20:41:06.0092 4952	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
20:41:06.0191 4952	1394ohci - ok
20:41:06.0242 4952	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
20:41:06.0271 4952	ACPI - ok
20:41:06.0295 4952	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
20:41:06.0336 4952	AcpiPmi - ok
20:41:06.0374 4952	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:41:06.0402 4952	adp94xx - ok
20:41:06.0449 4952	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:41:06.0476 4952	adpahci - ok
20:41:06.0509 4952	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:41:06.0530 4952	adpu320 - ok
20:41:06.0590 4952	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
20:41:06.0655 4952	AFD - ok
20:41:06.0689 4952	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
20:41:06.0708 4952	agp440 - ok
20:41:06.0742 4952	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
20:41:06.0759 4952	aliide - ok
20:41:06.0792 4952	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
20:41:06.0809 4952	amdide - ok
20:41:06.0851 4952	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:41:06.0944 4952	AmdK8 - ok
20:41:07.0183 4952	amdkmdag        (3d07f9c090c7a1d76d624972a5384471) C:\windows\system32\DRIVERS\atikmdag.sys
20:41:07.0402 4952	amdkmdag - ok
20:41:07.0506 4952	amdkmdap        (99ab7e4b24c80155dc4296f657faf3c7) C:\windows\system32\DRIVERS\atikmpag.sys
20:41:07.0567 4952	amdkmdap - ok
20:41:07.0585 4952	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:41:07.0680 4952	AmdPPM - ok
20:41:07.0730 4952	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
20:41:07.0753 4952	amdsata - ok
20:41:07.0777 4952	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:41:07.0804 4952	amdsbs - ok
20:41:07.0842 4952	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
20:41:07.0876 4952	amdxata - ok
20:41:07.0914 4952	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
20:41:08.0067 4952	AppID - ok
20:41:08.0190 4952	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:41:08.0222 4952	arc - ok
20:41:08.0239 4952	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:41:08.0257 4952	arcsas - ok
20:41:08.0303 4952	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:41:08.0379 4952	AsyncMac - ok
20:41:08.0407 4952	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
20:41:08.0424 4952	atapi - ok
20:41:08.0562 4952	athr            (2c0bb386e86670bb1b1a57caaef3e50d) C:\windows\system32\DRIVERS\athrx.sys
20:41:08.0652 4952	athr - ok
20:41:08.0799 4952	AtiHDAudioService (d048e78b8b6416a0a5a18843867c9973) C:\windows\system32\drivers\AtihdW76.sys
20:41:08.0842 4952	AtiHDAudioService - ok
20:41:08.0913 4952	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:41:09.0011 4952	b06bdrv - ok
20:41:09.0043 4952	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:41:09.0134 4952	b57nd60a - ok
20:41:09.0252 4952	BCM43XX         (96cc359d243b3c947db036e941ea213d) C:\windows\system32\DRIVERS\bcmwl664.sys
20:41:09.0340 4952	BCM43XX - ok
20:41:09.0457 4952	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:41:09.0537 4952	Beep - ok
20:41:09.0765 4952	BHDrvx64        (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
20:41:09.0809 4952	BHDrvx64 - ok
20:41:09.0902 4952	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:41:09.0945 4952	blbdrive - ok
20:41:09.0993 4952	bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
20:41:10.0035 4952	bowser - ok
20:41:10.0059 4952	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:41:10.0140 4952	BrFiltLo - ok
20:41:10.0170 4952	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:41:10.0193 4952	BrFiltUp - ok
20:41:10.0220 4952	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:41:10.0319 4952	Brserid - ok
20:41:10.0342 4952	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:41:10.0399 4952	BrSerWdm - ok
20:41:10.0426 4952	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:41:10.0489 4952	BrUsbMdm - ok
20:41:10.0530 4952	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:41:10.0576 4952	BrUsbSer - ok
20:41:10.0654 4952	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:41:10.0696 4952	BthEnum - ok
20:41:10.0722 4952	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:41:10.0767 4952	BTHMODEM - ok
20:41:10.0804 4952	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:41:10.0845 4952	BthPan - ok
20:41:10.0915 4952	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
20:41:10.0973 4952	BTHPORT - ok
20:41:11.0040 4952	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
20:41:11.0092 4952	BTHUSB - ok
20:41:11.0125 4952	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:41:11.0195 4952	cdfs - ok
20:41:11.0224 4952	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
20:41:11.0265 4952	cdrom - ok
20:41:11.0297 4952	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:41:11.0381 4952	circlass - ok
20:41:11.0429 4952	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:41:11.0459 4952	CLFS - ok
20:41:11.0513 4952	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:41:11.0550 4952	CmBatt - ok
20:41:11.0565 4952	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
20:41:11.0588 4952	cmdide - ok
20:41:11.0625 4952	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
20:41:11.0664 4952	CNG - ok
20:41:11.0686 4952	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:41:11.0703 4952	Compbatt - ok
20:41:11.0752 4952	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
20:41:11.0827 4952	CompositeBus - ok
20:41:11.0858 4952	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:41:11.0877 4952	crcdisk - ok
20:41:11.0970 4952	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
20:41:12.0010 4952	DfsC - ok
20:41:12.0035 4952	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:41:12.0125 4952	discache - ok
20:41:12.0161 4952	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:41:12.0196 4952	Disk - ok
20:41:12.0330 4952	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
20:41:12.0388 4952	Dot4 - ok
20:41:12.0412 4952	Dot4Print       (85135ad27e79b689335c08167d917cde) C:\windows\system32\DRIVERS\Dot4Prt.sys
20:41:12.0439 4952	Dot4Print - ok
20:41:12.0465 4952	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
20:41:12.0510 4952	dot4usb - ok
20:41:12.0541 4952	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:41:12.0593 4952	drmkaud - ok
20:41:12.0637 4952	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
20:41:12.0686 4952	DXGKrnl - ok
20:41:12.0792 4952	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:41:12.0878 4952	ebdrv - ok
20:41:12.0986 4952	eeCtrl          (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:41:13.0028 4952	eeCtrl - ok
20:41:13.0144 4952	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:41:13.0185 4952	elxstor - ok
20:41:13.0239 4952	EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:41:13.0261 4952	EraserUtilRebootDrv - ok
20:41:13.0286 4952	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
20:41:13.0339 4952	ErrDev - ok
20:41:13.0386 4952	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:41:13.0456 4952	exfat - ok
20:41:13.0485 4952	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:41:13.0542 4952	fastfat - ok
20:41:13.0572 4952	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:41:13.0609 4952	fdc - ok
20:41:13.0712 4952	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:41:13.0744 4952	FileInfo - ok
20:41:13.0842 4952	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:41:13.0904 4952	Filetrace - ok
20:41:13.0926 4952	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:41:13.0952 4952	flpydisk - ok
20:41:13.0977 4952	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
20:41:14.0002 4952	FltMgr - ok
20:41:14.0023 4952	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:41:14.0042 4952	FsDepends - ok
20:41:14.0087 4952	fssfltr         (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys
20:41:14.0119 4952	fssfltr - ok
20:41:14.0148 4952	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:41:14.0168 4952	Fs_Rec - ok
20:41:14.0212 4952	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
20:41:14.0260 4952	fvevol - ok
20:41:14.0324 4952	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:41:14.0356 4952	gagp30kx - ok
20:41:14.0421 4952	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:41:14.0498 4952	hcw85cir - ok
20:41:14.0541 4952	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
20:41:14.0599 4952	HdAudAddService - ok
20:41:14.0635 4952	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:41:14.0679 4952	HDAudBus - ok
20:41:14.0703 4952	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:41:14.0723 4952	HidBatt - ok
20:41:14.0753 4952	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:41:14.0807 4952	HidBth - ok
20:41:14.0843 4952	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:41:14.0884 4952	HidIr - ok
20:41:14.0921 4952	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
20:41:14.0991 4952	HidUsb - ok
20:41:15.0053 4952	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
20:41:15.0075 4952	HpSAMD - ok
20:41:15.0166 4952	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
20:41:15.0236 4952	HTTP - ok
20:41:15.0256 4952	hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
20:41:15.0273 4952	hwpolicy - ok
20:41:15.0423 4952	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:41:15.0466 4952	i8042prt - ok
20:41:15.0543 4952	iaStor          (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
20:41:15.0573 4952	iaStor - ok
20:41:15.0716 4952	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
20:41:15.0773 4952	iaStorV - ok
20:41:16.0000 4952	IDSVia64        (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSvia64.sys
20:41:16.0039 4952	IDSVia64 - ok
20:41:16.0309 4952	igfx            (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
20:41:16.0580 4952	igfx - ok
20:41:16.0680 4952	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:41:16.0707 4952	iirsp - ok
20:41:16.0806 4952	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:41:16.0879 4952	Impcd - ok
20:41:16.0989 4952	IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\windows\system32\drivers\RTKVHD64.sys
20:41:17.0056 4952	IntcAzAudAddService - ok
20:41:17.0177 4952	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
20:41:17.0208 4952	intelide - ok
20:41:17.0234 4952	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:41:17.0266 4952	intelppm - ok
20:41:17.0317 4952	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:41:17.0390 4952	IpFilterDriver - ok
20:41:17.0417 4952	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:41:17.0447 4952	IPMIDRV - ok
20:41:17.0464 4952	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:41:17.0509 4952	IPNAT - ok
20:41:17.0550 4952	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:41:17.0575 4952	IRENUM - ok
20:41:17.0598 4952	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
20:41:17.0618 4952	isapnp - ok
20:41:17.0634 4952	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
20:41:17.0660 4952	iScsiPrt - ok
20:41:17.0676 4952	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:41:17.0694 4952	kbdclass - ok
20:41:17.0716 4952	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
20:41:17.0750 4952	kbdhid - ok
20:41:17.0777 4952	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
20:41:17.0798 4952	KSecDD - ok
20:41:17.0831 4952	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
20:41:17.0868 4952	KSecPkg - ok
20:41:17.0901 4952	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:41:17.0985 4952	ksthunk - ok
20:41:18.0038 4952	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:41:18.0122 4952	lltdio - ok
20:41:18.0171 4952	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:41:18.0208 4952	LSI_FC - ok
20:41:18.0227 4952	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:41:18.0246 4952	LSI_SAS - ok
20:41:18.0265 4952	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:41:18.0284 4952	LSI_SAS2 - ok
20:41:18.0308 4952	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:41:18.0327 4952	LSI_SCSI - ok
20:41:18.0376 4952	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:41:18.0477 4952	luafv - ok
20:41:18.0532 4952	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:41:18.0552 4952	megasas - ok
20:41:18.0574 4952	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:41:18.0603 4952	MegaSR - ok
20:41:18.0645 4952	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:41:18.0745 4952	Modem - ok
20:41:18.0811 4952	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:41:18.0871 4952	monitor - ok
20:41:18.0946 4952	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:41:18.0978 4952	mouclass - ok
20:41:19.0027 4952	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:41:19.0097 4952	mouhid - ok
20:41:19.0125 4952	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
20:41:19.0149 4952	mountmgr - ok
20:41:19.0219 4952	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
20:41:19.0252 4952	MpFilter - ok
20:41:19.0274 4952	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
20:41:19.0294 4952	mpio - ok
20:41:19.0314 4952	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
20:41:19.0331 4952	MpNWMon - ok
20:41:19.0347 4952	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:41:19.0407 4952	mpsdrv - ok
20:41:19.0430 4952	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
20:41:19.0468 4952	MRxDAV - ok
20:41:19.0505 4952	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
20:41:19.0558 4952	mrxsmb - ok
20:41:19.0596 4952	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:41:19.0651 4952	mrxsmb10 - ok
20:41:19.0670 4952	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:41:19.0694 4952	mrxsmb20 - ok
20:41:19.0720 4952	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
20:41:19.0738 4952	msahci - ok
20:41:19.0760 4952	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
20:41:19.0781 4952	msdsm - ok
20:41:19.0802 4952	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:41:19.0861 4952	Msfs - ok
20:41:19.0890 4952	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:41:19.0968 4952	mshidkmdf - ok
20:41:19.0990 4952	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
20:41:20.0006 4952	msisadrv - ok
20:41:20.0044 4952	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:41:20.0088 4952	MSKSSRV - ok
20:41:20.0130 4952	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:41:20.0178 4952	MSPCLOCK - ok
20:41:20.0198 4952	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:41:20.0255 4952	MSPQM - ok
20:41:20.0282 4952	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
20:41:20.0305 4952	MsRPC - ok
20:41:20.0326 4952	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:41:20.0344 4952	mssmbios - ok
20:41:20.0379 4952	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:41:20.0439 4952	MSTEE - ok
20:41:20.0460 4952	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:41:20.0479 4952	MTConfig - ok
20:41:20.0500 4952	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:41:20.0518 4952	Mup - ok
20:41:20.0604 4952	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:41:20.0677 4952	NativeWifiP - ok
20:41:20.0824 4952	NAVENG          (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\ENG64.SYS
20:41:20.0850 4952	NAVENG - ok
20:41:20.0984 4952	NAVEX15         (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20101220.002\EX64.SYS
20:41:21.0034 4952	NAVEX15 - ok
20:41:21.0191 4952	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
20:41:21.0244 4952	NDIS - ok
20:41:21.0357 4952	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:41:21.0455 4952	NdisCap - ok
20:41:21.0477 4952	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:41:21.0532 4952	NdisTapi - ok
20:41:21.0556 4952	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
20:41:21.0609 4952	Ndisuio - ok
20:41:21.0624 4952	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
20:41:21.0723 4952	NdisWan - ok
20:41:21.0746 4952	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
20:41:21.0791 4952	NDProxy - ok
20:41:21.0831 4952	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:41:21.0884 4952	NetBIOS - ok
20:41:21.0904 4952	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
20:41:21.0989 4952	NetBT - ok
20:41:22.0021 4952	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:41:22.0041 4952	nfrd960 - ok
20:41:22.0108 4952	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:41:22.0141 4952	NisDrv - ok
20:41:22.0219 4952	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:41:22.0287 4952	Npfs - ok
20:41:22.0302 4952	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:41:22.0345 4952	nsiproxy - ok
20:41:22.0409 4952	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
20:41:22.0464 4952	Ntfs - ok
20:41:22.0500 4952	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:41:22.0557 4952	Null - ok
20:41:22.0594 4952	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
20:41:22.0626 4952	nvraid - ok
20:41:22.0659 4952	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
20:41:22.0695 4952	nvstor - ok
20:41:22.0708 4952	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
20:41:22.0730 4952	nv_agp - ok
20:41:22.0779 4952	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
20:41:22.0814 4952	ohci1394 - ok
20:41:22.0886 4952	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:41:22.0924 4952	Parport - ok
20:41:22.0943 4952	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
20:41:22.0962 4952	partmgr - ok
20:41:22.0987 4952	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
20:41:23.0008 4952	pci - ok
20:41:23.0026 4952	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:41:23.0043 4952	pciide - ok
20:41:23.0076 4952	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:41:23.0116 4952	pcmcia - ok
20:41:23.0141 4952	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:41:23.0162 4952	pcw - ok
20:41:23.0203 4952	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:41:23.0266 4952	PEAUTH - ok
20:41:23.0335 4952	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
20:41:23.0407 4952	PptpMiniport - ok
20:41:23.0425 4952	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:41:23.0456 4952	Processor - ok
20:41:23.0511 4952	Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
20:41:23.0588 4952	Psched - ok
20:41:23.0644 4952	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:41:23.0703 4952	ql2300 - ok
20:41:23.0724 4952	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:41:23.0745 4952	ql40xx - ok
20:41:23.0768 4952	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:41:23.0791 4952	QWAVEdrv - ok
20:41:23.0814 4952	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:41:23.0857 4952	RasAcd - ok
20:41:23.0899 4952	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:41:23.0976 4952	RasAgileVpn - ok
20:41:24.0003 4952	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
20:41:24.0117 4952	Rasl2tp - ok
20:41:24.0149 4952	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:41:24.0206 4952	RasPppoe - ok
20:41:24.0227 4952	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:41:24.0292 4952	RasSstp - ok
20:41:24.0312 4952	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
20:41:24.0371 4952	rdbss - ok
20:41:24.0393 4952	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:41:24.0486 4952	rdpbus - ok
20:41:24.0527 4952	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:41:24.0627 4952	RDPCDD - ok
20:41:24.0649 4952	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:41:24.0690 4952	RDPENCDD - ok
20:41:24.0707 4952	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:41:24.0761 4952	RDPREFMP - ok
20:41:24.0778 4952	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
20:41:24.0832 4952	RDPWD - ok
20:41:24.0870 4952	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
20:41:24.0892 4952	rdyboost - ok
20:41:24.0943 4952	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:41:24.0984 4952	RFCOMM - ok
20:41:25.0029 4952	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:41:25.0112 4952	rspndr - ok
20:41:25.0153 4952	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
20:41:25.0207 4952	RTL8167 - ok
20:41:25.0322 4952	rtport          (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
20:41:25.0375 4952	rtport - ok
20:41:25.0503 4952	SABI            (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
20:41:25.0546 4952	SABI - ok
20:41:25.0583 4952	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
20:41:25.0614 4952	sbp2port - ok
20:41:25.0642 4952	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
20:41:25.0749 4952	scfilter - ok
20:41:25.0780 4952	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:41:25.0835 4952	secdrv - ok
20:41:25.0873 4952	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:41:25.0944 4952	Serenum - ok
20:41:25.0972 4952	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:41:26.0019 4952	Serial - ok
20:41:26.0043 4952	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:41:26.0077 4952	sermouse - ok
20:41:26.0110 4952	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
20:41:26.0183 4952	sffdisk - ok
20:41:26.0193 4952	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:41:26.0223 4952	sffp_mmc - ok
20:41:26.0232 4952	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
20:41:26.0258 4952	sffp_sd - ok
20:41:26.0285 4952	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:41:26.0325 4952	sfloppy - ok
20:41:26.0427 4952	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
20:41:26.0476 4952	Sftfs - ok
20:41:26.0505 4952	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:41:26.0526 4952	Sftplay - ok
20:41:26.0549 4952	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:41:26.0564 4952	Sftredir - ok
20:41:26.0581 4952	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
20:41:26.0596 4952	Sftvol - ok
20:41:26.0635 4952	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:41:26.0652 4952	SiSRaid2 - ok
20:41:26.0704 4952	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:41:26.0724 4952	SiSRaid4 - ok
20:41:26.0758 4952	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:41:26.0825 4952	Smb - ok
20:41:26.0858 4952	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:41:26.0878 4952	spldr - ok
20:41:26.0992 4952	SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
20:41:27.0042 4952	SRTSP - ok
20:41:27.0066 4952	SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
20:41:27.0082 4952	SRTSPX - ok
20:41:27.0121 4952	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
20:41:27.0159 4952	srv - ok
20:41:27.0191 4952	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
20:41:27.0252 4952	srv2 - ok
20:41:27.0315 4952	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
20:41:27.0365 4952	srvnet - ok
20:41:27.0409 4952	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:41:27.0428 4952	stexstor - ok
20:41:27.0471 4952	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:41:27.0490 4952	swenum - ok
20:41:27.0548 4952	SymDS           (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
20:41:27.0586 4952	SymDS - ok
20:41:27.0648 4952	SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
20:41:27.0695 4952	SymEFA - ok
20:41:27.0737 4952	SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:41:27.0774 4952	SymEvent - ok
20:41:27.0807 4952	SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
20:41:27.0824 4952	SymIRON - ok
20:41:27.0854 4952	SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
20:41:27.0879 4952	SymNetS - ok
20:41:27.0947 4952	SynTP           (14feb5052837d9277520088dce549036) C:\windows\system32\DRIVERS\SynTP.sys
20:41:27.0995 4952	SynTP - ok
20:41:28.0133 4952	Tcpip           (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
20:41:28.0197 4952	Tcpip - ok
20:41:28.0320 4952	TCPIP6          (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
20:41:28.0372 4952	TCPIP6 - ok
20:41:28.0461 4952	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:41:28.0519 4952	tcpipreg - ok
20:41:28.0534 4952	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:41:28.0583 4952	TDPIPE - ok
20:41:28.0603 4952	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:41:28.0662 4952	TDTCP - ok
20:41:28.0679 4952	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:41:28.0735 4952	tdx - ok
20:41:28.0751 4952	TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:41:28.0769 4952	TermDD - ok
20:41:28.0803 4952	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:41:28.0864 4952	tssecsrv - ok
20:41:28.0902 4952	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:41:28.0974 4952	tunnel - ok
20:41:29.0012 4952	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\windows\system32\DRIVERS\TurboB.sys
20:41:29.0032 4952	TurboB - ok
20:41:29.0084 4952	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:41:29.0123 4952	uagp35 - ok
20:41:29.0165 4952	udfs            (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
20:41:29.0208 4952	udfs - ok
20:41:29.0295 4952	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:41:29.0331 4952	uliagpkx - ok
20:41:29.0373 4952	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:41:29.0422 4952	umbus - ok
20:41:29.0442 4952	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:41:29.0488 4952	UmPass - ok
20:41:29.0518 4952	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:41:29.0566 4952	usbccgp - ok
20:41:29.0599 4952	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:41:29.0642 4952	usbcir - ok
20:41:29.0666 4952	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
20:41:29.0702 4952	usbehci - ok
20:41:29.0728 4952	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:41:29.0768 4952	usbhub - ok
20:41:29.0795 4952	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:41:29.0837 4952	usbohci - ok
20:41:29.0868 4952	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:41:29.0897 4952	usbprint - ok
20:41:29.0920 4952	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:41:29.0950 4952	usbscan - ok
20:41:29.0989 4952	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\drivers\USBSTOR.SYS
20:41:30.0044 4952	USBSTOR - ok
20:41:30.0078 4952	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
20:41:30.0098 4952	usbuhci - ok
20:41:30.0161 4952	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
20:41:30.0215 4952	usbvideo - ok
20:41:30.0266 4952	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:41:30.0288 4952	vdrvroot - ok
20:41:30.0308 4952	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:41:30.0336 4952	vga - ok
20:41:30.0354 4952	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:41:30.0409 4952	VgaSave - ok
20:41:30.0429 4952	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:41:30.0451 4952	vhdmp - ok
20:41:30.0473 4952	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:41:30.0490 4952	viaide - ok
20:41:30.0508 4952	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:41:30.0526 4952	volmgr - ok
20:41:30.0546 4952	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:41:30.0571 4952	volmgrx - ok
20:41:30.0588 4952	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:41:30.0611 4952	volsnap - ok
20:41:30.0641 4952	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:41:30.0664 4952	vsmraid - ok
20:41:30.0679 4952	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:41:30.0703 4952	vwifibus - ok
20:41:30.0737 4952	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:41:30.0779 4952	vwififlt - ok
20:41:30.0808 4952	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:41:30.0838 4952	WacomPen - ok
20:41:30.0870 4952	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:41:30.0926 4952	WANARP - ok
20:41:30.0930 4952	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:41:30.0975 4952	Wanarpv6 - ok
20:41:30.0996 4952	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:41:31.0014 4952	Wd - ok
20:41:31.0043 4952	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:41:31.0074 4952	Wdf01000 - ok
20:41:31.0118 4952	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:41:31.0165 4952	WfpLwf - ok
20:41:31.0183 4952	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:41:31.0202 4952	WIMMount - ok
20:41:31.0259 4952	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:41:31.0278 4952	WmiAcpi - ok
20:41:31.0313 4952	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:41:31.0367 4952	ws2ifsl - ok
20:41:31.0398 4952	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:41:31.0450 4952	WudfPf - ok
20:41:31.0474 4952	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:41:31.0525 4952	WUDFRd - ok
20:41:31.0582 4952	yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
20:41:31.0646 4952	yukonw7 - ok
20:41:31.0695 4952	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
20:41:31.0949 4952	\Device\Harddisk0\DR0 - ok
20:41:31.0954 4952	Boot (0x1200)   (ffaedfde4178abf2da5e4945d4a562ad) \Device\Harddisk0\DR0\Partition0
20:41:31.0955 4952	\Device\Harddisk0\DR0\Partition0 - ok
20:41:31.0981 4952	Boot (0x1200)   (74f258e78f0f15d828b38adfff7417de) \Device\Harddisk0\DR0\Partition1
20:41:31.0983 4952	\Device\Harddisk0\DR0\Partition1 - ok
20:41:32.0003 4952	Boot (0x1200)   (a084a3037a0a4f3bd56b310adf974e64) \Device\Harddisk0\DR0\Partition2
20:41:32.0004 4952	\Device\Harddisk0\DR0\Partition2 - ok
20:41:32.0005 4952	============================================================
20:41:32.0005 4952	Scan finished
20:41:32.0005 4952	============================================================
20:41:32.0018 4092	Detected object count: 0
20:41:32.0018 4092	Actual detected object count: 0
         

Edited by cosinus (25.10.2011 at 19:44). Reason: Please post in CODE tags!!

25.10.2011, 19:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the logs in CODE tags! No PHP or TABLE or whatever other tags!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

25.10.2011, 20:01   #13
D.A.U.

Sorry about the table.

Code:
ComboFix 11-10-25.04 - Toni 25.10.2011  20:52:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3946.2716 [GMT 2:00]
ausgeführt von:: c:\users\Toni\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-25 bis 2011-10-25  ))))))))))))))))))))))))))))))
.
.
2011-10-25 18:57 . 2011-10-25 18:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-25 18:05 . 2011-10-25 18:05	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9429F92D-DD90-4101-B45A-EBB7F09C9132}\offreg.dll
2011-10-25 18:05 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9429F92D-DD90-4101-B45A-EBB7F09C9132}\mpengine.dll
2011-10-25 17:51 . 2011-10-25 17:51	--------	d-----w-	C:\_OTL
2011-10-24 21:57 . 2011-10-24 21:57	--------	d-----w-	c:\users\Toni\AppData\Local\Zattoo
2011-10-24 21:56 . 2011-10-24 21:57	--------	d-----w-	c:\program files (x86)\Zattoo4
2011-10-24 18:01 . 2011-10-24 18:01	--------	d-----w-	c:\users\Toni\AppData\Local\ElevatedDiagnostics
2011-10-24 17:18 . 2011-10-24 17:18	--------	d-----w-	c:\program files (x86)\ESET
2011-10-23 09:49 . 2011-10-23 09:49	--------	d-----w-	c:\users\Toni\AppData\Roaming\Malwarebytes
2011-10-23 09:49 . 2011-10-23 09:49	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-23 09:49 . 2011-10-23 09:49	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-23 09:49 . 2011-08-31 15:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-19 14:47 . 2011-10-19 14:47	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-10-14 19:54 . 2011-10-19 14:49	--------	d-----w-	c:\program files (x86)\Microsoft Works
2011-10-14 19:43 . 2011-10-14 19:43	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-10-14 19:43 . 2011-10-14 19:43	--------	d-----w-	c:\users\Toni\AppData\Local\Microsoft Help
2011-10-14 19:42 . 2011-10-19 15:10	--------	d-----w-	c:\programdata\Microsoft Help
2011-10-13 18:36 . 2011-10-13 18:36	--------	d-----w-	c:\users\Toni\AppData\Roaming\OpenOffice.org
2011-10-13 18:01 . 2011-10-13 18:01	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2011-10-13 18:00 . 2011-10-13 18:00	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-13 18:00 . 2011-10-13 17:59	472808	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-13 18:00 . 2011-10-13 17:59	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-13 17:59 . 2011-10-13 17:59	--------	d-----w-	c:\program files (x86)\Java
2011-10-12 15:19 . 2011-08-17 05:32	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-11 16:20 . 2011-10-11 16:20	917840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE80953-C2B3-49B1-80D4-874E53EEC9D1}\gapaengine.dll
2011-09-27 17:36 . 2011-09-27 17:36	--------	d-----w-	c:\programdata\EA Core
2011-09-27 17:24 . 2008-07-31 08:41	72200	----a-w-	c:\windows\system32\XAPOFX1_1.dll
2011-09-27 17:24 . 2008-07-31 08:41	68616	----a-w-	c:\windows\SysWow64\XAPOFX1_1.dll
2011-09-27 17:24 . 2008-07-31 08:40	513544	----a-w-	c:\windows\system32\XAudio2_2.dll
2011-09-27 17:24 . 2008-07-31 08:40	509448	----a-w-	c:\windows\SysWow64\XAudio2_2.dll
2011-09-27 17:24 . 2008-07-31 08:41	238088	----a-w-	c:\windows\SysWow64\xactengine3_2.dll
2011-09-27 17:24 . 2008-07-31 08:41	177672	----a-w-	c:\windows\system32\xactengine3_2.dll
2011-09-27 16:34 . 2011-09-27 16:34	--------	d-----w-	c:\users\Toni\AppData\Roaming\Origin
2011-09-27 16:34 . 2011-09-27 16:34	--------	d-----w-	c:\users\Toni\AppData\Local\Origin
2011-09-27 16:32 . 2011-09-27 16:32	--------	d-----w-	c:\program files (x86)\Origin Games
2011-09-27 16:31 . 2011-10-25 17:51	--------	d-----w-	c:\program files (x86)\Origin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 21:57 . 2011-08-29 21:05	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 04:16 . 2011-07-01 07:48	8570192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe [2010-8-17 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101217.001\IDSvia64.sys [2010-11-09 476792]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 132656]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 20322504
*Deregistered* - 20322504
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 17:58]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-15 17:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-14 11046504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = 
mLocal Page = 
IE: Free YouTube Download - c:\users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Toni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\6foxmvb8.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_2_3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: general.useragent.extra.brc - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-76830181-1066914796-2057996457-1000\Software\SecuROM\License information*]
"datasecu"=hex:b2,dd,33,b2,a2,bc,64,af,ef,6b,31,39,1b,4f,02,f0,98,c5,27,4e,9b,
   38,13,46,42,41,07,f6,e4,35,c7,8f,cc,6c,f1,83,0e,91,50,a8,1a,b9,9c,ba,66,bf,\
"rkeysecu"=hex:cb,f8,01,a7,23,53,09,88,d4,85,e8,cf,9a,a6,65,f2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-10-25  20:59:16
ComboFix-quarantined-files.txt  2011-10-25 18:59
.
Vor Suchlauf: 10 Verzeichnis(se), 18.668.535.808 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 18.304.630.784 Bytes frei
.
- - End Of File - - 43EF09D6A7B5C721B8538682118DAC1A
         

26.10.2011, 09:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
Ahem, I'm only seeing this just now. Something like MS Security Essentials should never be used together with Norton IS! If anything, have only one of the two installed. I recommend MSE, so uninstall Norton.

26.10.2011, 17:47   #15
D.A.U.

Good evening, I have uninstalled Norton. I thought two would be better than one.

How do things look regarding the malware?
