
Pests of all kinds and how to fight them: unknown virus, blocks Antivir, MBAM, Otl etc.

20.12.2011, 10:37   #16
Chris4You

Hi,

oh dear... Then hold down the power button for longer...

chris
__________________
Don't bring me down
Read before posting!
Donate
(Anyone who wants to donate is welcome to get in touch)

20.12.2011, 10:46   #17
Larina

Hi,

done, restarted, reinstalled MAM, it crashed on the first scan attempt (after 5 sec) and then gave the familiar error message...

Larina

20.12.2011, 11:05   #18
Chris4You

Hi,

as the last thing before reinstalling, let's do the following:
Check the hard disk for errors

Question: It can't be a hardware fault (fan not running, ventilation slots blocked, etc.)?

chris

20.12.2011, 11:08   #19
Larina

Hi,

I don't think it's a hardware fault... the notebook is only rarely moved and, as far as I can tell, the fan is running quite normally.
So I'll check the disk for errors then.

Larina
__________________
Everything that is merely probable is probably false.

20.12.2011, 13:53   #20
Larina

Hi,

the hard disk has 2 partitions:
Data ( E: ) - everything ok
Vista ( C: ) - a message appears briefly which, as far as I could read it (it was gone again very quickly...), says: 'Volume kann für direkten Zugriff nicht geöffnet werden.'

Larina

20.12.2011, 16:03   #21
Chris4You

Hi,

even if exclusive access isn't possible, it should report that and offer to run a check at the
next boot... That points to a manipulated boot block...

Do you have a Vista CD that can be booted into the recovery console?

There are a few other options (removing the HD and connecting it to another computer
as a slave), but I think that would get too complicated...

chris

20.12.2011, 16:13   #22
Larina

Hi,

it only runs the check at boot anyway and not during normal operation...
Unfortunately I don't have a Vista CD; Windows was already preinstalled.
Removing the hardware really is too complicated for me, especially since I don't have any tools (screwdriver or the like) to hand at the moment.

Larina

20.12.2011, 17:53   #23
Chris4You

Hi,

but it doesn't check, does it...?
Somehow we're not getting anywhere this way..
What puzzles me is that MAM first starts up and then crashes; that is "atypical" for malware, either the start is blocked completely...

If there is no Vista CD, then sfc /scannow is out as well (that would try to repair the system)...

Last attempt...
Download the matching version of Hitman Pro (Downloads - SurfRight), select the cloud-based scanner... and let it run...

chris

20.12.2011, 19:23   #24
Larina

Hi,

it only allows it on the first start after the installation anyway, after that it always prevents it...
Hitman has run and found the following and (at least supposedly) fixed it:
Code:
C:\Windows\DRIVERS\cdrom.sys -> Rootkit (G Data: Gen:Variant.TDss.15 (Engine-A); DrWeb: Trojan.NtRootKit.12040; IKARUS : Rootkit.Win32.ZAccess!IK)
C:\Windows\system32\TODDSrv.exe -> Trojan (G Data: Trojan.Generic.KDV.268357 (Engine-A); DrWeb: Trojan.Starter.1695; IKARUS : Trojan-Spy.Win32.Zbot!IK)
Plus quite a few tracking cookies

The detailed log file is attached.
The computer has been restarted and CHKDSK is running at the moment (at 20%).

Larina

20.12.2011, 20:03   #25
Larina

Hi,

the disk check reported: no errors.
I have now reinstalled MAM and it runs (luckily).
I chose Quick Scan for a start. Here is the corresponding log file:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.12.2011 20:01:05
mbam-log-2011-12-20 (20-01-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160736
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fb0c32de (Backdoor.0Access) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\3727822075:83086625.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
         
Larina

Edit: I'm now also going to run a full scan.

20.12.2011, 21:04   #26
Larina

Hi,

here is the log file of the full scan:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.12.2011 21:00:00
mbam-log-2011-12-20 (21-00-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 352269
Laufzeit: 54 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gisela\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\QTFCR0MO\2[1].#xe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.
         
What should I best do now?

Larina

20.12.2011, 21:07   #27
Chris4You

Hi,

yahoooooooo!
We've finally got the swine...
After the full scan, also an OTL log and
TDSS-Killer
Download and instructions at: How are malicious programs of the Rootkit.Win32.TDSS family fought?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
After the start a window appears; there choose "Start Scan".
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

I'm suspicious now, so in addition:
MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click, "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.

chris
P.S.: OTL partly managed it; the rootkit drivers were the real problem...
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.
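A triage sketch for the two MBAM logs posted above, added here as an example and not part of the thread or of any tool named in it: it parses the German-language MBAM 1.51 log layout shown in the posts, checks the declared counts against the listed items, and separates live files from copies under c:\_OTL\movedfiles (files OTL had already moved aside) and from paths with a second colon (NTFS alternate data stream syntax). The function names and the merged sample log are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: detection lines copied from the two MBAM logs in this
# thread, merged into one log; the two count lines are adjusted to match.
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fb0c32de (Backdoor.0Access) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\3727822075:83086625.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\Gisela\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\QTFCR0MO\2[1].#xe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)$")    # summary line with a number
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")          # heading of a findings list
FINDING_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (declared counts per section, list of finding dicts)."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict()})
    return declared, findings


def classify(finding):
    """Coarse class of a detected object, judged from its path alone."""
    obj = finding["obj"]
    if obj.upper().startswith("HKEY_"):
        return "registry"
    if "\\_otl\\movedfiles\\" in obj.lower():
        return "otl-moved"   # copy OTL had already moved aside, not a live file
    if re.match(r"^[A-Za-z]:\\", obj) and ":" in obj[2:]:
        return "ads"         # second colon: NTFS alternate data stream syntax
    return "file"


def count_mismatches(declared, findings):
    """Sections whose declared count differs from the number of listed items."""
    listed = Counter(f["section"] for f in findings)
    return {s: (n, listed.get(s, 0))
            for s, n in declared.items() if n != listed.get(s, 0)}


def triage(text):
    declared, findings = parse_mbam_log(text)
    return {
        "mismatches": count_mismatches(declared, findings),
        "by_class": Counter(classify(f) for f in findings),
        "families": sorted({f["name"] for f in findings}),
        # anything MBAM did not report as removed needs a second look
        "not_removed": [f["obj"] for f in findings
                        if "successfully" not in f["action"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", dict(value) if isinstance(value, Counter) else value)
```

A non-empty "mismatches" result means the pasted log was truncated or edited, which is worth knowing before drawing conclusions from it.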

20.12.2011, 22:13   #28
Larina

Hi,

here are the results:
Otl.txt
OTL Logfile:
Code:
OTL logfile created on: 20.12.2011 21:56:23 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,12% Memory free
3,98 Gb Paging File | 3,20 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 36,30 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,05 Gb Free Space | 92,95% Space Free | Partition Type: NTFS
Drive G: | 245,73 Mb Total Space | 243,60 Mb Free Space | 99,14% Space Free | Partition Type: FAT
 
Computer Name: GISELA-PC | User Name: Gisela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.20 21:55:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.08 10:57:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.05.09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.04.16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.03.06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (VMCService)
SRV - File not found [Auto | Stopped] --  -- (TNaviSrv)
SRV - File not found [Auto | Stopped] --  -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] --  -- (ConfigFree Service)
SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.04.16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 08:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 08:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.08 23:29:17 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.02 14:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008.07.18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 15:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http:gmx.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.02 19:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 11:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.31 20:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009.06.05 13:41:37 | 000,000,000 | ---D | M]
 
[2010.10.06 09:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Extensions
[2010.10.06 09:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.14 23:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions
[2010.08.20 18:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 20:23:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.21 19:51:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.01.08 20:18:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\searchrecs@veoh.com
[2011.12.16 19:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-1.xml
[2010.09.18 15:28:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-10.xml
[2010.10.25 13:25:07 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-11.xml
[2010.11.03 11:45:10 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-12.xml
[2010.12.11 17:12:37 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-13.xml
[2011.03.28 09:35:32 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-14.xml
[2011.04.24 11:42:27 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-15.xml
[2010.01.11 21:37:52 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-2.xml
[2010.02.20 09:26:43 | 000,000,954 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-3.xml
[2010.03.15 20:28:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-4.xml
[2010.03.24 21:12:49 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-5.xml
[2010.04.03 20:41:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-6.xml
[2010.07.01 09:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-7.xml
[2010.07.26 22:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-8.xml
[2010.09.09 20:30:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-9.xml
[2009.12.16 21:52:45 | 000,000,944 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin.xml
[2011.12.17 10:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.10 19:46:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.17 10:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.02 19:50:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.02 19:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.02 19:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.02 19:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.02 19:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.02 19:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.02 19:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F49342F-B661-4B69-AED5-38E0260223EB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gisela\Desktop\Bilder\Jagd Schleifer 2011\wieder angekommen 2.JPG
O24 - Desktop BackupWallPaper: C:\Users\Gisela\Desktop\Bilder\Jagd Schleifer 2011\wieder angekommen 2.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011.12.20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.20 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.20 15:53:16 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.12.20 15:53:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.17 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011.12.17 10:20:09 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Malwarebytes
[2011.12.17 10:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.17 10:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 10:20:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.17 10:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.17 10:06:46 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Avira
[2011.12.17 10:06:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.17 10:06:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.17 10:06:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.17 08:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.16 19:47:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.16 19:47:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.16 19:47:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.16 19:47:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.16 19:47:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.16 19:46:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.15 12:07:00 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.15 12:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.15 12:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.15 12:06:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 12:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.15 12:06:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.09 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4
[2011.12.04 21:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.12.02 20:36:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.02 20:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.12.02 20:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011.12.20 21:58:27 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.20 21:58:27 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.20 21:58:27 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.20 21:58:27 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.20 21:31:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.20 21:02:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:02:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:02:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.20 21:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.20 21:02:04 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.20 19:49:40 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 19:00:55 | 000,000,598 | ---- | M] () -- C:\Windows\System32\.crusader
[2011.12.20 13:50:24 | 000,000,000 | ---- | M] () -- C:\Windows\3727822075
[2011.12.19 10:40:33 | 000,000,020 | ---- | M] () -- C:\Users\Gisela\defogger_reenable
[2011.12.19 10:37:58 | 000,302,592 | ---- | M] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011.12.19 10:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011.12.19 10:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011.12.19 10:36:20 | 000,050,477 | ---- | M] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011.12.18 21:32:53 | 000,020,992 | ---- | M] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.18 15:53:26 | 000,001,356 | ---- | M] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2011.12.18 15:01:17 | 195,131,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.17 11:57:16 | 000,388,608 | ---- | M] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011.12.17 09:20:07 | 307,472,120 | ---- | M] () -- C:\Users\Gisela\Documents\17122011.reg
[2011.12.16 23:28:11 | 000,366,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 09:18:11 | 000,013,033 | ---- | M] () -- C:\Users\Gisela\Documents\Kopischke.odt
[2011.12.11 20:42:31 | 000,004,944 | ---- | M] () -- C:\Users\Gisela\untitled4_MAS.bak
[2011.12.11 20:41:25 | 000,005,112 | ---- | M] () -- C:\Users\Gisela\untitled3_MAS.bak
[2011.12.11 20:40:57 | 000,004,296 | ---- | M] () -- C:\Users\Gisela\untitled2_MAS.bak
[2011.12.11 20:09:47 | 000,002,400 | ---- | M] () -- C:\Users\Gisela\untitled1_MAS.bak
[2011.12.09 19:23:51 | 000,001,891 | ---- | M] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011.12.04 21:18:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.12.02 20:36:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.26 23:31:01 | 000,041,395 | ---- | M] () -- C:\Users\Gisela\Documents\Wendy Gutachter.odt
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.20 19:00:55 | 000,000,598 | ---- | C] () -- C:\Windows\System32\.crusader
[2011.12.20 18:35:25 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 10:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011.12.20 08:01:43 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011.12.20 07:56:26 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.19 10:49:45 | 000,302,592 | ---- | C] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011.12.19 10:43:12 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011.12.19 10:39:53 | 000,000,020 | ---- | C] () -- C:\Users\Gisela\defogger_reenable
[2011.12.19 10:39:15 | 000,050,477 | ---- | C] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011.12.18 14:52:14 | 000,388,608 | ---- | C] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011.12.17 09:19:38 | 307,472,120 | ---- | C] () -- C:\Users\Gisela\Documents\17122011.reg
[2011.12.16 23:25:14 | 195,131,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.11 20:09:47 | 000,002,400 | ---- | C] () -- C:\Users\Gisela\untitled1_MAS.bak
[2011.12.09 19:23:51 | 000,001,891 | ---- | C] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011.12.02 20:36:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.09.02 19:07:58 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.09.02 19:07:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.09.02 19:07:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.09.02 19:07:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.09.02 19:07:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.09.02 19:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.09.02 19:02:41 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.14 22:17:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.14 22:17:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.14 22:17:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009.10.30 22:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.11 20:20:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 20:20:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 20:19:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.28 16:28:14 | 000,001,356 | ---- | C] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2009.06.11 10:46:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.06.11 10:46:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009.06.11 10:46:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009.05.06 18:03:37 | 000,020,992 | ---- | C] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 12:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009.03.30 11:17:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.30 11:17:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.30 11:17:26 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.30 11:17:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.13 12:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.13 12:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.13 12:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.13 12:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.13 12:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 12:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 12:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 12:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 12:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 11:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.04.22 00:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.01.21 09:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,366,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         
--- --- ---

Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 20.12.2011 21:56:23 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,12% Memory free
3,98 Gb Paging File | 3,20 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 36,30 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,05 Gb Free Space | 92,95% Space Free | Partition Type: NTFS
Drive G: | 245,73 Mb Total Space | 243,60 Mb Free Space | 99,14% Space Free | Partition Type: FAT
 
Computer Name: GISELA-PC | User Name: Gisela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4409C460-59B0-4EB6-BB54-CF5BEFA1E672}" = dir=in | app=c:\desktop\powerdirector\pdr.exe | 
"{45264540-5051-4691-A91C-359DFBF42523}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{6EFA4046-2605-4D7B-8276-4617424AF9EE}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{220C7263-851E-4D91-8AEB-0E35FB464748}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9B52B132-DBFF-450C-A977-A555F9F478AB}C:\program files\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe | 
"TCP Query User{AB98DD90-54B5-401F-9232-2560D0FAB638}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{BDE0859D-929E-42C9-B512-A59E607355B3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DCF6F3AB-9FEE-474B-AEF0-6214AAF6BA44}C:\program files\maxima-5.19.2\bin\xmaxima.exe" = protocol=6 | dir=in | app=c:\program files\maxima-5.19.2\bin\xmaxima.exe | 
"UDP Query User{400DAD42-7B03-488F-A81C-C42C386E7841}C:\program files\maxima-5.19.2\bin\xmaxima.exe" = protocol=17 | dir=in | app=c:\program files\maxima-5.19.2\bin\xmaxima.exe | 
"UDP Query User{63107EAC-D450-4E8E-85F5-03DE4934BFE3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{76AD0DBA-76DD-42B2-9255-3E6DCF9C4693}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{92512D89-335B-4F9A-A795-755C544D9294}C:\program files\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe | 
"UDP Query User{F24AE3C5-C421-4C51-9FF5-0C7625CD3FD4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A80AC620-12FA-11D5-B287-0050DA4BBA2C}" = Riding Star
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.1f
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Maple 12" = Maple 12
"Maxima-5.19.2_is1" = Maxima 5.19.2
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"myphotobook" = myphotobook 3.6
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2011 07:20:15 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2011 14:40:59 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.07.2011 14:42:12 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2011 05:17:53 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.07.2011 05:19:08 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2011 14:59:52 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.07.2011 15:01:10 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2011 05:19:47 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.07.2011 05:21:02 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2011 15:42:12 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 20.12.2011 15:04:27 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2011 15:04:27 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
__________________
Everything that is merely probable is probably false.

20.12.2011, 22:13   #29
Larina
 
TDSSKiller
Code:
22:03:14.0536 1068	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:03:14.0552 1068	============================================================
22:03:14.0552 1068	Current date / time: 2011/12/20 22:03:14.0552
22:03:14.0552 1068	SystemInfo:
22:03:14.0552 1068	
22:03:14.0552 1068	OS Version: 6.0.6002 ServicePack: 2.0
22:03:14.0552 1068	Product type: Workstation
22:03:14.0552 1068	ComputerName: GISELA-PC
22:03:14.0552 1068	UserName: Gisela
22:03:14.0552 1068	Windows directory: C:\Windows
22:03:14.0552 1068	System windows directory: C:\Windows
22:03:14.0552 1068	Processor architecture: Intel x86
22:03:14.0552 1068	Number of processors: 1
22:03:14.0552 1068	Page size: 0x1000
22:03:14.0552 1068	Boot type: Normal boot
22:03:14.0552 1068	============================================================
22:03:15.0145 1068	Initialize success
22:03:31.0369 3924	============================================================
22:03:31.0369 3924	Scan started
22:03:31.0369 3924	Mode: Manual; SigCheck; TDLFS; 
22:03:31.0369 3924	============================================================
22:03:32.0055 3924	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:03:32.0149 3924	ACPI - ok
22:03:32.0305 3924	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:03:32.0336 3924	adp94xx - ok
22:03:32.0445 3924	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:03:32.0461 3924	adpahci - ok
22:03:32.0695 3924	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:03:32.0710 3924	adpu160m - ok
22:03:32.0851 3924	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:03:32.0866 3924	adpu320 - ok
22:03:33.0100 3924	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:03:33.0178 3924	AFD - ok
22:03:33.0475 3924	AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
22:03:33.0709 3924	AgereSoftModem - ok
22:03:34.0161 3924	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:03:34.0161 3924	agp440 - ok
22:03:34.0426 3924	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:03:34.0426 3924	aic78xx - ok
22:03:34.0847 3924	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:03:34.0847 3924	aliide - ok
22:03:34.0957 3924	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:03:34.0972 3924	amdagp - ok
22:03:35.0050 3924	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:03:35.0066 3924	amdide - ok
22:03:35.0128 3924	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:03:35.0237 3924	AmdK7 - ok
22:03:35.0362 3924	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:03:35.0409 3924	AmdK8 - ok
22:03:35.0487 3924	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:03:35.0487 3924	arc - ok
22:03:35.0596 3924	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:03:35.0612 3924	arcsas - ok
22:03:35.0674 3924	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:03:35.0721 3924	AsyncMac - ok
22:03:35.0783 3924	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:03:35.0799 3924	atapi - ok
22:03:35.0924 3924	athr            (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
22:03:36.0002 3924	athr - ok
22:03:36.0111 3924	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:03:36.0111 3924	avgio - ok
22:03:36.0220 3924	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:03:36.0267 3924	avgntflt - ok
22:03:36.0329 3924	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:03:36.0345 3924	avipbb - ok
22:03:36.0439 3924	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:03:36.0470 3924	Beep - ok
22:03:36.0579 3924	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:03:36.0626 3924	blbdrive - ok
22:03:36.0704 3924	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:03:36.0751 3924	bowser - ok
22:03:36.0829 3924	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:03:36.0907 3924	BrFiltLo - ok
22:03:37.0000 3924	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:03:37.0047 3924	BrFiltUp - ok
22:03:37.0094 3924	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:03:37.0156 3924	Brserid - ok
22:03:37.0219 3924	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:03:37.0281 3924	BrSerWdm - ok
22:03:37.0375 3924	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:03:37.0437 3924	BrUsbMdm - ok
22:03:37.0484 3924	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:03:37.0546 3924	BrUsbSer - ok
22:03:37.0609 3924	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:03:37.0655 3924	BTHMODEM - ok
22:03:37.0733 3924	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:03:37.0796 3924	cdfs - ok
22:03:37.0889 3924	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
22:03:37.0905 3924	cdrom - ok
22:03:37.0967 3924	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:03:37.0999 3924	circlass - ok
22:03:38.0123 3924	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:03:38.0139 3924	CLFS - ok
22:03:38.0217 3924	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:03:38.0264 3924	CmBatt - ok
22:03:38.0326 3924	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:03:38.0326 3924	cmdide - ok
22:03:38.0404 3924	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:03:38.0420 3924	Compbatt - ok
22:03:38.0513 3924	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:03:38.0529 3924	crcdisk - ok
22:03:38.0591 3924	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:03:38.0623 3924	Crusoe - ok
22:03:38.0794 3924	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:03:38.0810 3924	disk - ok
22:03:38.0903 3924	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:03:38.0950 3924	drmkaud - ok
22:03:39.0044 3924	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:03:39.0059 3924	DXGKrnl - ok
22:03:39.0153 3924	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:03:39.0200 3924	E1G60 - ok
22:03:39.0309 3924	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:03:39.0325 3924	Ecache - ok
22:03:39.0403 3924	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:03:39.0418 3924	ElbyCDIO - ok
22:03:39.0481 3924	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:03:39.0496 3924	elxstor - ok
22:03:39.0559 3924	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:03:39.0605 3924	ErrDev - ok
22:03:39.0715 3924	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:03:39.0761 3924	exfat - ok
22:03:39.0839 3924	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:03:39.0886 3924	fastfat - ok
22:03:39.0980 3924	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:03:39.0995 3924	fdc - ok
22:03:40.0073 3924	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:03:40.0089 3924	FileInfo - ok
22:03:40.0136 3924	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:03:40.0198 3924	Filetrace - ok
22:03:40.0261 3924	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:03:40.0292 3924	flpydisk - ok
22:03:40.0385 3924	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:03:40.0401 3924	FltMgr - ok
22:03:40.0510 3924	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:03:40.0541 3924	Fs_Rec - ok
22:03:40.0619 3924	FwLnk           (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:03:40.0666 3924	FwLnk - ok
22:03:40.0729 3924	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:03:40.0744 3924	gagp30kx - ok
22:03:40.0853 3924	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:03:40.0916 3924	HdAudAddService - ok
22:03:40.0994 3924	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:03:41.0025 3924	HDAudBus - ok
22:03:41.0087 3924	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:03:41.0150 3924	HidBth - ok
22:03:41.0259 3924	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:03:41.0290 3924	HidIr - ok
22:03:41.0353 3924	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
22:03:41.0399 3924	HidUsb - ok
22:03:41.0462 3924	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:03:41.0477 3924	HpCISSs - ok
22:03:41.0540 3924	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:03:41.0587 3924	HSFHWAZL - ok
22:03:41.0696 3924	HSF_DPV         (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:03:41.0789 3924	HSF_DPV - ok
22:03:41.0883 3924	HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:03:41.0945 3924	HSXHWAZL - ok
22:03:42.0055 3924	HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
22:03:42.0148 3924	HTTP - ok
22:03:42.0257 3924	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:03:42.0304 3924	hwdatacard - ok
22:03:42.0413 3924	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:03:42.0413 3924	i2omp - ok
22:03:42.0507 3924	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:03:42.0554 3924	i8042prt - ok
22:03:42.0632 3924	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:03:42.0663 3924	iaStor - ok
22:03:42.0725 3924	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:03:42.0725 3924	iaStorV - ok
22:03:42.0881 3924	igfx            (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:03:43.0069 3924	igfx - ok
22:03:43.0162 3924	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:03:43.0178 3924	iirsp - ok
22:03:43.0349 3924	IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:03:43.0599 3924	IntcAzAudAddService - ok
22:03:43.0739 3924	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:03:43.0739 3924	intelide - ok
22:03:43.0786 3924	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:03:43.0833 3924	intelppm - ok
22:03:43.0911 3924	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:03:43.0942 3924	IpFilterDriver - ok
22:03:44.0020 3924	IpInIp - ok
22:03:44.0067 3924	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:03:44.0114 3924	IPMIDRV - ok
22:03:44.0176 3924	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:03:44.0192 3924	IPNAT - ok
22:03:44.0254 3924	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:03:44.0285 3924	IRENUM - ok
22:03:44.0379 3924	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:03:44.0379 3924	isapnp - ok
22:03:44.0473 3924	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:03:44.0488 3924	iScsiPrt - ok
22:03:44.0535 3924	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:03:44.0551 3924	iteatapi - ok
22:03:44.0597 3924	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:03:44.0613 3924	iteraid - ok
22:03:44.0691 3924	jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:03:44.0738 3924	jswpslwf - ok
22:03:44.0831 3924	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:03:44.0831 3924	kbdclass - ok
22:03:44.0894 3924	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
22:03:44.0941 3924	kbdhid - ok
22:03:45.0019 3924	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:03:45.0034 3924	KSecDD - ok
22:03:45.0112 3924	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:03:45.0159 3924	lltdio - ok
22:03:45.0253 3924	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:03:45.0268 3924	LSI_FC - ok
22:03:45.0315 3924	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:03:45.0331 3924	LSI_SAS - ok
22:03:45.0424 3924	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:03:45.0440 3924	LSI_SCSI - ok
22:03:45.0471 3924	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:03:45.0533 3924	luafv - ok
22:03:45.0611 3924	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:03:45.0643 3924	mdmxsdk - ok
22:03:45.0736 3924	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:03:45.0736 3924	megasas - ok
22:03:45.0799 3924	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:03:45.0814 3924	MegaSR - ok
22:03:45.0845 3924	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:03:45.0892 3924	Modem - ok
22:03:45.0955 3924	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:03:46.0001 3924	monitor - ok
22:03:46.0079 3924	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:03:46.0095 3924	mouclass - ok
22:03:46.0142 3924	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:03:46.0157 3924	mouhid - ok
22:03:46.0204 3924	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:03:46.0220 3924	MountMgr - ok
22:03:46.0251 3924	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:03:46.0267 3924	mpio - ok
22:03:46.0329 3924	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:03:46.0345 3924	mpsdrv - ok
22:03:46.0423 3924	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:03:46.0438 3924	Mraid35x - ok
22:03:46.0516 3924	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:03:46.0563 3924	MRxDAV - ok
22:03:46.0625 3924	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:46.0672 3924	mrxsmb - ok
22:03:46.0797 3924	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:46.0828 3924	mrxsmb10 - ok
22:03:46.0875 3924	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:46.0891 3924	mrxsmb20 - ok
22:03:46.0953 3924	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:03:46.0969 3924	msahci - ok
22:03:47.0015 3924	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:03:47.0031 3924	msdsm - ok
22:03:47.0125 3924	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:03:47.0171 3924	Msfs - ok
22:03:47.0249 3924	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:03:47.0249 3924	msisadrv - ok
22:03:47.0312 3924	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:03:47.0374 3924	MSKSSRV - ok
22:03:47.0483 3924	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:03:47.0530 3924	MSPCLOCK - ok
22:03:47.0593 3924	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:03:47.0639 3924	MSPQM - ok
22:03:47.0717 3924	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:03:47.0733 3924	MsRPC - ok
22:03:47.0780 3924	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:03:47.0795 3924	mssmbios - ok
22:03:47.0920 3924	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:03:47.0967 3924	MSTEE - ok
22:03:48.0014 3924	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:03:48.0029 3924	Mup - ok
22:03:48.0123 3924	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:03:48.0154 3924	NativeWifiP - ok
22:03:48.0295 3924	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:03:48.0326 3924	NDIS - ok
22:03:48.0404 3924	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:03:48.0435 3924	NdisTapi - ok
22:03:48.0482 3924	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:03:48.0513 3924	Ndisuio - ok
22:03:48.0622 3924	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:03:48.0653 3924	NdisWan - ok
22:03:48.0700 3924	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:03:48.0731 3924	NDProxy - ok
22:03:48.0794 3924	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:03:48.0841 3924	NetBIOS - ok
22:03:48.0965 3924	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:03:48.0997 3924	netbt - ok
22:03:49.0075 3924	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:03:49.0075 3924	nfrd960 - ok
22:03:49.0168 3924	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:03:49.0199 3924	Npfs - ok
22:03:49.0262 3924	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:03:49.0309 3924	nsiproxy - ok
22:03:49.0465 3924	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:03:49.0511 3924	Ntfs - ok
22:03:49.0574 3924	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:03:49.0621 3924	ntrigdigi - ok
22:03:49.0699 3924	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:03:49.0730 3924	Null - ok
22:03:49.0823 3924	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:03:49.0839 3924	nvraid - ok
22:03:49.0886 3924	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:03:49.0901 3924	nvstor - ok
22:03:49.0948 3924	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:03:49.0948 3924	nv_agp - ok
22:03:49.0995 3924	NwlnkFlt - ok
22:03:50.0026 3924	NwlnkFwd - ok
22:03:50.0120 3924	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:03:50.0167 3924	ohci1394 - ok
22:03:50.0245 3924	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:03:50.0276 3924	Parport - ok
22:03:50.0354 3924	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:03:50.0369 3924	partmgr - ok
22:03:50.0416 3924	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:03:50.0479 3924	Parvdm - ok
22:03:50.0603 3924	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:03:50.0619 3924	pci - ok
22:03:50.0666 3924	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:03:50.0681 3924	pciide - ok
22:03:50.0728 3924	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:03:50.0744 3924	pcmcia - ok
22:03:50.0806 3924	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:03:50.0869 3924	PEAUTH - ok
22:03:51.0009 3924	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:03:51.0040 3924	PptpMiniport - ok
22:03:51.0087 3924	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:03:51.0118 3924	Processor - ok
22:03:51.0227 3924	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:03:51.0243 3924	PSched - ok
22:03:51.0368 3924	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:03:51.0415 3924	ql2300 - ok
22:03:51.0477 3924	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:03:51.0493 3924	ql40xx - ok
22:03:51.0524 3924	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:03:51.0586 3924	QWAVEdrv - ok
22:03:51.0617 3924	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:03:51.0664 3924	RasAcd - ok
22:03:51.0758 3924	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:03:51.0820 3924	Rasl2tp - ok
22:03:51.0898 3924	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:03:51.0945 3924	RasPppoe - ok
22:03:52.0007 3924	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:03:52.0007 3924	RasSstp - ok
22:03:52.0117 3924	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:03:52.0163 3924	rdbss - ok
22:03:52.0226 3924	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:03:52.0257 3924	RDPCDD - ok
22:03:52.0304 3924	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:03:52.0335 3924	rdpdr - ok
22:03:52.0397 3924	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:03:52.0460 3924	RDPENCDD - ok
22:03:52.0569 3924	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:03:52.0600 3924	RDPWD - ok
22:03:52.0694 3924	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:03:52.0709 3924	rspndr - ok
22:03:52.0787 3924	RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:03:52.0834 3924	RTL8169 - ok
22:03:52.0928 3924	RTSTOR          (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
22:03:52.0975 3924	RTSTOR - ok
22:03:53.0021 3924	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:03:53.0037 3924	sbp2port - ok
22:03:53.0099 3924	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:03:53.0162 3924	secdrv - ok
22:03:53.0240 3924	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:03:53.0271 3924	Serenum - ok
22:03:53.0365 3924	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:03:53.0427 3924	Serial - ok
22:03:53.0489 3924	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:03:53.0521 3924	sermouse - ok
22:03:53.0614 3924	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:03:53.0645 3924	sffdisk - ok
22:03:53.0692 3924	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:03:53.0739 3924	sffp_mmc - ok
22:03:53.0833 3924	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:03:53.0864 3924	sffp_sd - ok
22:03:53.0926 3924	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:03:53.0973 3924	sfloppy - ok
22:03:54.0035 3924	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:03:54.0051 3924	sisagp - ok
22:03:54.0113 3924	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:03:54.0113 3924	SiSRaid2 - ok
22:03:54.0176 3924	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:03:54.0191 3924	SiSRaid4 - ok
22:03:54.0301 3924	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:03:54.0332 3924	Smb - ok
22:03:54.0410 3924	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:03:54.0425 3924	spldr - ok
22:03:54.0519 3924	sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
22:03:54.0535 3924	sptd - ok
22:03:54.0644 3924	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:03:54.0706 3924	srv - ok
22:03:54.0769 3924	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:03:54.0815 3924	srv2 - ok
22:03:54.0878 3924	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:03:54.0893 3924	srvnet - ok
22:03:54.0987 3924	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:03:54.0987 3924	ssmdrv - ok
22:03:55.0081 3924	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:03:55.0096 3924	swenum - ok
22:03:55.0143 3924	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:03:55.0159 3924	Symc8xx - ok
22:03:55.0205 3924	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:03:55.0205 3924	Sym_hi - ok
22:03:55.0299 3924	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:03:55.0315 3924	Sym_u3 - ok
22:03:55.0393 3924	SynTP           (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:03:55.0408 3924	SynTP - ok
22:03:55.0517 3924	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:03:55.0595 3924	Tcpip - ok
22:03:55.0689 3924	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:03:55.0767 3924	Tcpip6 - ok
22:03:55.0861 3924	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:03:55.0923 3924	tcpipreg - ok
22:03:56.0032 3924	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:03:56.0063 3924	tdcmdpst - ok
22:03:56.0110 3924	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:03:56.0141 3924	TDPIPE - ok
22:03:56.0219 3924	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:03:56.0251 3924	TDTCP - ok
22:03:56.0344 3924	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:03:56.0375 3924	tdx - ok
22:03:56.0485 3924	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:03:56.0500 3924	TermDD - ok
22:03:56.0609 3924	tos_sps32       (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:03:56.0625 3924	tos_sps32 - ok
22:03:56.0672 3924	TridVid         (171f41174a88f71e7234d7a48303c6a0) C:\Windows\system32\DRIVERS\TridVid.sys
22:03:56.0703 3924	TridVid ( UnsignedFile.Multi.Generic ) - warning
22:03:56.0703 3924	TridVid - detected UnsignedFile.Multi.Generic (1)
22:03:56.0812 3924	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:03:56.0843 3924	tssecsrv - ok
22:03:56.0890 3924	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:03:56.0921 3924	tunmp - ok
22:03:57.0031 3924	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:03:57.0062 3924	tunnel - ok
22:03:57.0140 3924	TVALZ           (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:03:57.0155 3924	TVALZ - ok
22:03:57.0218 3924	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:03:57.0218 3924	uagp35 - ok
22:03:57.0280 3924	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:03:57.0311 3924	udfs - ok
22:03:57.0374 3924	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:03:57.0389 3924	uliagpkx - ok
22:03:57.0467 3924	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:03:57.0483 3924	uliahci - ok
22:03:57.0530 3924	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:03:57.0545 3924	UlSata - ok
22:03:57.0623 3924	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:03:57.0655 3924	ulsata2 - ok
22:03:57.0686 3924	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:03:57.0717 3924	umbus - ok
22:03:57.0811 3924	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:03:57.0842 3924	usbccgp - ok
22:03:57.0889 3924	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:03:57.0935 3924	usbcir - ok
22:03:58.0029 3924	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:03:58.0045 3924	usbehci - ok
22:03:58.0123 3924	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:03:58.0169 3924	usbhub - ok
22:03:58.0247 3924	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:03:58.0294 3924	usbohci - ok
22:03:58.0372 3924	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:58.0419 3924	usbprint - ok
22:03:58.0497 3924	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:03:58.0544 3924	usbscan - ok
22:03:58.0606 3924	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:58.0637 3924	USBSTOR - ok
22:03:58.0715 3924	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:03:58.0731 3924	usbuhci - ok
22:03:58.0809 3924	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:03:58.0840 3924	usbvideo - ok
22:03:58.0918 3924	VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
22:03:58.0949 3924	VClone - ok
22:03:59.0043 3924	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:59.0059 3924	vga - ok
22:03:59.0152 3924	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:03:59.0183 3924	VgaSave - ok
22:03:59.0246 3924	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:03:59.0261 3924	viaagp - ok
22:03:59.0308 3924	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:03:59.0355 3924	ViaC7 - ok
22:03:59.0402 3924	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:03:59.0417 3924	viaide - ok
22:03:59.0542 3924	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:03:59.0558 3924	volmgr - ok
22:03:59.0651 3924	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:03:59.0667 3924	volmgrx - ok
22:03:59.0729 3924	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:03:59.0745 3924	volsnap - ok
22:03:59.0792 3924	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:03:59.0807 3924	vsmraid - ok
22:03:59.0917 3924	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:03:59.0979 3924	WacomPen - ok
22:04:00.0057 3924	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:00.0088 3924	Wanarp - ok
22:04:00.0104 3924	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:00.0135 3924	Wanarpv6 - ok
22:04:00.0197 3924	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:04:00.0229 3924	Wd - ok
22:04:00.0307 3924	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:04:00.0338 3924	Wdf01000 - ok
22:04:00.0431 3924	winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:04:00.0525 3924	winachsf - ok
22:04:00.0634 3924	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:04:00.0665 3924	WmiAcpi - ok
22:04:00.0775 3924	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:00.0821 3924	ws2ifsl - ok
22:04:00.0899 3924	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:00.0931 3924	WUDFRd - ok
22:04:01.0024 3924	XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
22:04:01.0040 3924	XAudio - ok
22:04:01.0087 3924	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:04:01.0243 3924	\Device\Harddisk0\DR0 - ok
22:04:01.0258 3924	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:04:01.0367 3924	\Device\Harddisk1\DR1 - ok
22:04:01.0367 3924	Boot (0x1200)   (ee927f59cc580f4744aaa761d6bbc12a) \Device\Harddisk0\DR0\Partition0
22:04:01.0367 3924	\Device\Harddisk0\DR0\Partition0 - ok
22:04:01.0399 3924	Boot (0x1200)   (d906ad2edc756e2d58a56ce8ae2c511c) \Device\Harddisk0\DR0\Partition1
22:04:01.0399 3924	\Device\Harddisk0\DR0\Partition1 - ok
22:04:01.0414 3924	Boot (0x1200)   (8de33614e07dc00c79efbb62e5dd6617) \Device\Harddisk1\DR1\Partition0
22:04:01.0414 3924	\Device\Harddisk1\DR1\Partition0 - ok
22:04:01.0414 3924	============================================================
22:04:01.0414 3924	Scan finished
22:04:01.0414 3924	============================================================
22:04:01.0445 2748	Detected object count: 1
22:04:01.0445 2748	Actual detected object count: 1
22:04:25.0781 2748	HKLM\SYSTEM\ControlSet001\services\TridVid - will be deleted on reboot
22:04:25.0813 2748	HKLM\SYSTEM\ControlSet002\services\TridVid - will be deleted on reboot
22:04:25.0859 2748	C:\Windows\system32\DRIVERS\TridVid.sys - will be deleted on reboot
22:04:25.0859 2748	TridVid ( UnsignedFile.Multi.Generic ) - User select action: Delete
         
MBRCheck
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Basic Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	TOSHIBA
BIOS Manufacturer:		INSYDE
System Manufacturer:		TOSHIBA
System Product Name:		Satellite L300
Logical Drives Mask:		0x0000007c

Kernel Drivers (total 150):
  0x8203A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82007000 \SystemRoot\system32\hal.dll
  0x8040E000 \SystemRoot\system32\kdcom.dll
  0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80485000 \SystemRoot\system32\PSHED.dll
  0x80496000 \SystemRoot\system32\BOOTVID.dll
  0x8049E000 \SystemRoot\system32\CLFS.SYS
  0x804DF000 \SystemRoot\system32\CI.dll
  0x805BF000 \SystemRoot\System32\drivers\pcrcx.sys
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\System32\drivers\partmgr.sys
  0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80788000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80798000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8079F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8260C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x826DA000 \SystemRoot\system32\drivers\atapi.sys
  0x826E2000 \SystemRoot\system32\drivers\ataport.SYS
  0x82700000 \SystemRoot\system32\drivers\msahci.sys
  0x8270A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8273C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8274C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87A00000 \SystemRoot\system32\drivers\ndis.sys
  0x87B0B000 \SystemRoot\system32\drivers\msrpc.sys
  0x87B36000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87C08000 \SystemRoot\System32\drivers\tcpip.sys
  0x87CF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87E09000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87F19000 \SystemRoot\system32\drivers\volsnap.sys
  0x87F52000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x87F57000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
  0x87F9A000 \SystemRoot\System32\Drivers\spldr.sys
  0x87FA2000 \SystemRoot\System32\Drivers\mup.sys
  0x87FB1000 \SystemRoot\System32\drivers\ecache.sys
  0x87FD8000 \SystemRoot\system32\drivers\disk.sys
  0x87D0D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x87FE9000 \SystemRoot\system32\drivers\crcdisk.sys
  0x87B71000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87C00000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x87B7C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x87DFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8B808000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8BEEC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8BF8C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BF98000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8BFA3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8BFE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C095000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8C0B6000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8C19A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8C1AD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8C1B8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8C1E7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8C1E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1F4000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
  0x87B8B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x87BA3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x827BD000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8BFF0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x87BD2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x87BE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x807AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x807D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x807DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805CD000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x805E2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x87BF4000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x8C207000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8C22D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8C22F000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C259000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8C263000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C270000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C2A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C800000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C2B6000 \SystemRoot\system32\drivers\portcls.sys
  0x8C2E3000 \SystemRoot\system32\drivers\drmk.sys
  0x8C308000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8CA07000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8CB0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8CBBF000 \SystemRoot\system32\drivers\modem.sys
  0x8CBCC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8CBD5000 \SystemRoot\System32\Drivers\Null.SYS
  0x8CBDC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8CBE3000 \SystemRoot\System32\drivers\vga.sys
  0x8C346000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8CBEF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8CBF7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C367000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C372000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C380000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C389000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C39F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8C3B3000 \SystemRoot\system32\drivers\afd.sys
  0x8CE09000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8CE3B000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8CE51000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
  0x8CE56000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8CE64000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8CE77000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8CE7D000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8CEB9000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8CEC3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8CEC8000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8CEEF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8CEF1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8CEFE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x94670000 \SystemRoot\System32\win32k.sys
  0x8CFCC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8CFD6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94890000 \SystemRoot\System32\TSDDD.dll
  0x948B0000 \SystemRoot\System32\cdd.dll
  0x8CFE5000 \SystemRoot\system32\drivers\luafv.sys
  0x87D2E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x87D45000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x87D55000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x87FF2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x87D7F000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA8A09000 \SystemRoot\system32\drivers\spsys.sys
  0xA8AB9000 \SystemRoot\system32\drivers\HTTP.sys
  0xA8B26000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA8B43000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA8B5C000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA8B7D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA8B9C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA8BD5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x87D92000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA9204000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA9253000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA9257000 \SystemRoot\system32\drivers\peauth.sys
  0xA9335000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA933F000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA934B000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA9353000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA9371000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xA9386000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA93AE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA93C3000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA93D5000 \SystemRoot\system32\drivers\13992015.sys
  0x77330000 \Windows\System32\ntdll.dll

Processes (total 63):
       0 System Idle Process
       4 System
     516 C:\Windows\System32\smss.exe
     584 csrss.exe
     628 C:\Windows\System32\wininit.exe
     636 csrss.exe
     684 C:\Windows\System32\winlogon.exe
     708 C:\Windows\System32\services.exe
     728 C:\Windows\System32\lsass.exe
     736 C:\Windows\System32\lsm.exe
     892 C:\Windows\System32\svchost.exe
     948 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
     988 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1208 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\wlanext.exe
    1784 C:\Windows\System32\spoolsv.exe
    1944 C:\Windows\System32\dwm.exe
    1992 C:\Windows\explorer.exe
    2020 C:\Windows\System32\svchost.exe
     324 C:\Windows\System32\svchost.exe
     700 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\SearchIndexer.exe
     116 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2016 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    2068 C:\Windows\System32\igfxtray.exe
    2076 C:\Windows\System32\hkcmd.exe
    2084 C:\Windows\System32\igfxpers.exe
    2092 C:\Windows\RtHDVCpl.exe
    2108 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    2116 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    2124 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    2140 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2148 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2164 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2188 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2204 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2276 C:\Program Files\Windows Sidebar\sidebar.exe
    2284 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    2344 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    2676 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    2888 C:\Windows\System32\igfxsrvc.exe
    3000 C:\Windows\System32\taskeng.exe
    3600 C:\Windows\System32\igfxext.exe
    3660 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    3672 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    2224 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3332 C:\Windows\System32\svchost.exe
    2972 WUDFHost.exe
    1836 WmiPrvSE.exe
    3128 C:\Windows\System32\SearchProtocolHost.exe
    2260 C:\Windows\System32\SearchFilterHost.exe
     232 dllhost.exe
     804 dllhost.exe
    1076 C:\Users\Gisela\Desktop\MBRCheck.exe
    2052 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`f5700000  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2160BHG1, Rev: 0040020C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         
Larina
__________________
Everything that is merely probable is probably false.

20.12.2011, 22:37   #30
Chris4You
 

Hi,

one more small fix, then you should run CCleaner as well...

Fix for OTL
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
[2011.12.20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris
