| |
| |||||||
Log-Analyse und Auswertung: BundespolizeivirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
20.12.2011, 02:59
| #1 |
 |  Bundespolizeivirus Hallo, Ich hab mir vor ein paar Stunden das bekannte Bundespolizeivirus eingefangen und hab Windows sofort im abgesicherten Modus gestartet um einen Virusscan via Antivir durchzuführen. Dieser hat 9 Viren gefunden und gelöscht. Danach hab ich nochmal CCleaner laufen lassen und habe anschließend unter msconfig den Start des Virus unter dem Namen verhindert. Es ließ sich auf die Anwendung rundll32.exe zurückführen. Ich hab veruscht diesen in der registry zu löschen, doch vergebens. Naja ich hab zu guter letzt Malwarebyte seine Arbeit verrichten lassen. Jetzt wollte ich wissen ob sich nun noch andere Viren auf meinem Rechner befinden und ob das mit rundll32.exe nun geklärt ist. Danke Schonmal für die Antwort. MfG RamboGS Hier ist der Malwarebyte-Scan: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 7622
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
20.12.2011 03:51:28
mbam-log-2011-12-20 (03-51-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 419141
Laufzeit: 59 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FFAFC99C-9AFD-FEED-E45A-26A6DEEB2A7F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{FFAFC99C-9AFD-FEED-E45A-26A6DEEB2A7F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files (x86)\uninstall fun web products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Rambo\AppData\Local\Temp\0.32845481590782644.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Rambo\AppData\Roaming\Google\chrome.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
|
|
20.12.2011, 14:00
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizeivirus Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.
__________________
__________________ |
|
20.12.2011, 16:11
| #3 |
| | BundespolizeivirusCode:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8403
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
20.12.2011 17:08:56
mbam-log-2011-12-20 (17-08-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 419687
Laufzeit: 57 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files (x86)\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Users\Rambo\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\5f519126-1611527f (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
|
|
20.12.2011, 20:31
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
20.12.2011, 23:34
| #5 |
| | Bundespolizeivirus Hier der Eset Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71a72eb7ce42f9488dac170795387e7d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 11:21:53
# local_time=2011-12-21 12:21:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13784 13784 0 0
# compatibility_mode=5893 16776573 100 94 13814 76044529 0 0
# compatibility_mode=8192 67108863 100 0 3773 3773 0 0
# scanned=241123
# found=1
# cleaned=0
# scan_time=8634
C:\Users\Rambo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\44149a02-18e3e84c a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I I
|
|
21.12.2011, 09:07
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Bundespolizeivirus |
|
21.12.2011, 15:43
| #7 |
| | Bundespolizeivirus OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.12.2011 16:22:11 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rambo\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,62% Memory free 15,98 Gb Paging File | 14,31 Gb Available in Paging File | 89,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 560,32 Gb Total Space | 249,07 Gb Free Space | 44,45% Space Free | Partition Type: NTFS Drive D: | 371,09 Gb Total Space | 370,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: RAMBO-PC | User Name: Rambo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.21 16:20:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rambo\Desktop\OTL.exe PRC - [2011.12.09 12:40:08 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe PRC - [2011.12.09 12:40:07 | 000,577,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.12.01 14:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe PRC - [2009.10.21 05:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.10.02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.02 07:39:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.11.02 07:39:08 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.11.02 07:39:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.11.02 07:38:55 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.11.02 07:38:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.11.02 07:38:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.11.02 07:38:47 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.11.02 07:38:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.12.01 14:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.06.10 16:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\DBIOS.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.26 22:30:00 | 004,213,816 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock) SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.09.14 23:09:02 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.04.27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187) DRV:64bit: - [2009.10.26 16:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.10.26 16:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.12.21 16:16:52 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2011.07.19 18:58:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2011.02.01 22:41:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 95 EF F9 9E 33 CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - user.js..browser.search.selectedEngine: "Google" FF - user.js..browser.search.order.1: "Google" FF - user.js..browser.search.defaultenginename: "Google" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rambo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rambo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.23 16:49:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.16 18:02:02 | 000,000,000 | ---D | M] [2011.01.06 18:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rambo\AppData\Roaming\mozilla\Extensions [2011.11.12 17:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rambo\AppData\Roaming\mozilla\Firefox\Profiles\ts2hm3og.default\extensions [2011.01.17 00:58:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rambo\AppData\Roaming\mozilla\Firefox\Profiles\ts2hm3og.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.02 08:02:27 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Rambo\AppData\Roaming\mozilla\Firefox\Profiles\ts2hm3og.default\extensions\firefox@tvunetworks.com [2011.12.15 19:44:06 | 000,001,052 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\icqplugin.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\startsear.xml [2011.07.08 16:01:21 | 000,003,930 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\sweetim.xml [2011.11.23 16:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\RAMBO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TS2HM3OG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI [2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.02.25 13:16:46 | 002,409,984 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFp530.dll [2011.02.25 13:21:50 | 001,467,904 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2011.01.25 10:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011.02.13 02:25:56 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Rambo\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rambo\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rambo\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Flatcast Producer Plugin 5.3.0.717 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFp530.dll CHR - plugin: Flatcast Viewer Plugin 5.3.0.717 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv530.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Google Update (Enabled) = C:\Users\Rambo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_1\ CHR - Extension: Chuck Anderson = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_1\ CHR - Extension: Google Mail = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\RunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe () O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta () O8 - Extra context menu item: Free YouTube Download - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6D8630A-1325-477B-A009-E2D357A534F7}: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D026880B-4607-49FD-B3BC-2D37E37C1833}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell - "" = AutoRun O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Rambo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.32845481590782644.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Rambo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MsConfig:64bit - StartUpReg: QuickFinder Scheduler - hkey= - key= - C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll () Drivers32:64bit: vidc.mpeg - bdmpegv64.dll () Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll () Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll () Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.21 16:20:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rambo\Desktop\OTL.exe [2011.12.20 21:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.20 21:54:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Rambo\Desktop\esetsmartinstaller_enu.exe [2011.12.20 19:13:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Avira [2011.12.20 19:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.20 19:08:18 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.20 19:08:18 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.20 19:08:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.20 19:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.20 19:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.20 19:06:22 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{4EE07DE1-5F45-43A3-AC71-B842F348E519} [2011.12.20 19:06:10 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{095996F7-E2EF-427B-A9A5-ADBD8FAC607A} [2011.12.20 18:46:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.12.20 18:44:33 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\Google [2011.12.20 15:45:48 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{35316C30-A55A-43BE-B4CE-CF18B867FC46} [2011.12.20 02:48:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Malwarebytes [2011.12.20 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.20 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.20 02:48:24 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.20 02:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.20 02:13:56 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CBB5335D-1610-4A85-8B0C-BB02A2A28032} [2011.12.20 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{3BD5C8C6-22F4-43E9-80E4-E1073DEE692D} [2011.12.19 23:37:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{89B606F5-CD36-418A-BE21-EB4F3BAB18E1} [2011.12.19 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BC7CF223-3F90-42B7-8713-2B4CFC488128} [2011.12.19 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CA8D8C93-FB75-44FA-B5B1-7EB399F0F804} [2011.12.19 19:41:19 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{8F420AE7-6656-4864-B57B-66FE2C40B6B0} [2011.12.19 19:39:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.12.19 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A8AA975A-7271-4B1A-A678-579982398396} [2011.12.19 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A742976C-D652-4ABA-A682-241EC45C6A9A} [2011.12.18 21:11:07 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{74C22AF2-4F84-4BAA-BF1D-BEF83327EF9B} [2011.12.18 21:10:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{171E54D7-C145-4B8A-A81E-D54B0836CAF0} [2011.12.16 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{FC771171-F8BA-436C-B808-43F3AB8F7BA3} [2011.12.16 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{62E519EA-EC86-488E-9D74-9C03673735AB} [2011.12.16 13:43:41 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{0203BD67-6A08-4661-B3D7-FBD0FCF3EA92} [2011.12.16 13:43:29 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{94782109-4E98-4FBD-B8ED-BB1CCC408B0D} [2011.12.15 18:44:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7CE9E8D6-5501-4340-BA01-3299C1FAEE3E} [2011.12.15 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DD8942A1-4CC6-45BE-950E-CDC713E447B5} [2011.12.15 15:12:41 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{2B67161A-C36D-4A13-9A17-2BC38C4023EF} [2011.12.15 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BECD5FAB-D702-4ACF-8AC5-4B969FF18E4F} [2011.12.15 07:09:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{0CF471CC-4DEF-486C-9DEA-7968F06F79CD} [2011.12.15 07:08:57 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C37BA41F-4C66-423E-9AF3-C755CACC4EB3} [2011.12.14 19:38:20 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7726ED76-0371-43A2-AE4D-18BADAFD2960} [2011.12.14 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6BBADADA-C8CF-4D61-9110-A798874D5A0D} [2011.12.13 22:14:20 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6C936644-2CC5-41BD-A504-16B3ED26127B} [2011.12.13 22:14:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{84F7C21F-C6DA-48BC-9B62-82936FA6AFF1} [2011.12.13 18:15:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{E1EECA4A-AD5C-4D7E-A01D-5AE6B8BF8311} [2011.12.13 18:15:42 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7716FD1E-D4FC-435E-A52C-2635B58176F7} [2011.12.12 17:34:49 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6C5F8C6E-C191-4C29-900B-6222FAFF4B82} [2011.12.12 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{1741313D-72EB-4190-AC5F-2285A096E1B9} [2011.12.12 15:16:12 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{248DBDC1-ECF3-498C-84A4-CE72F29FE5EC} [2011.12.12 15:16:01 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{B49A44AB-64E3-4B1A-BC63-44AD19148B9D} [2011.12.12 12:11:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{4AFC9339-2B95-48C6-993B-2BF1883E01C9} [2011.12.12 12:11:28 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{EF8AEBCD-D092-4CDA-B7CB-D62335216147} [2011.12.11 23:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2011.12.11 23:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ [2011.12.11 13:23:46 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A8B5DF0D-BAAA-49CB-AF8C-45F59C332B65} [2011.12.11 13:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{5AB9515D-18E4-4844-8209-AE142038AB9E} [2011.12.08 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{70759B8E-CDC3-488A-9606-DE7A6F822161} [2011.12.08 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{954FFC7E-3592-4731-9801-B1CE7F192440} [2011.12.07 20:53:49 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{F6D8EF02-351E-45B5-8FF7-1243A912358E} [2011.12.07 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{AB32AA3B-2F87-4C83-AE5B-1E429DF42460} [2011.12.07 15:28:30 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{8E205421-458A-453E-9985-180D0FE7FEE0} [2011.12.07 15:28:19 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{92B4FABC-1DC6-4799-B3EA-8E63522D7D5B} [2011.12.06 14:40:45 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{B7177CD1-7002-4E77-8126-A1BFA52FDFC7} [2011.12.06 14:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DC2517CD-4BC0-4740-AE1B-072F450CC580} [2011.12.05 10:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{34C86A36-635D-495B-AF47-F5F76914CDEE} [2011.12.05 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{3E606C8F-9471-49FB-9C8C-DD27BD218B06} [2011.12.04 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{0178E64A-5F3E-481F-9179-12FADC0E6EF8} [2011.12.04 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C497CD4F-8564-4E9A-8240-7BC11AFCB7AB} [2011.12.04 12:15:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C5E7FFC0-D3C3-4789-993B-0034755FA269} [2011.12.04 12:15:44 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{10B8F5C8-A5A3-4B48-AC03-E74CFC344740} [2011.12.03 19:04:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{AB74ED35-C7CF-41CE-8AC4-EE9C3397455B} [2011.12.03 19:04:23 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{22D76FCE-93F3-4035-B6BA-61FEE24CDE45} [2011.12.03 13:30:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{690FE88E-6911-4A80-96DC-4ED35ACE0DF8} [2011.12.03 13:29:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{14538A51-F455-4A10-A91C-0C3B5660A693} [2011.12.02 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{442D96A2-64CC-47B7-ACCA-87F31BC2CF7C} [2011.12.02 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{263FD923-9C34-44BA-99C1-40C6EC88758D} [2011.12.02 17:20:50 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7BD731E4-2871-4727-BA3F-A70B78DC6109} [2011.12.02 17:20:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C9079060-B69C-4E87-A521-DC88DD7745C6} [2011.12.01 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A34B06D4-5BE7-44A0-8546-7F3EC842DE15} [2011.12.01 14:20:53 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{2FF6DC2E-60A7-49A0-AB5D-849CCD881342} [2011.11.30 16:27:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{509863D9-A032-4209-A68E-836861B739E0} [2011.11.30 16:27:27 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BDDDE4AD-AC5E-4BE3-AFE3-6E72C3E31B03} [2011.11.29 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D8B8565D-8836-468E-B870-BE744D1DBE0E} [2011.11.29 22:13:18 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{4E98CA36-47EA-40C5-B050-A8E24F14497E} [2011.11.29 18:53:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{8B7AC40E-A7B4-4A01-A905-4A37B1616EC9} [2011.11.29 18:52:58 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{813A3D31-85EB-49CD-835D-ED95A4D3504C} [2011.11.29 15:32:42 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{5464647D-94A6-4289-A1C0-A59FD31E111F} [2011.11.29 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{9EBB26C7-7E74-48BA-ADC3-4F269E3312E4} [2011.11.29 14:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DCA25978-5609-400A-AFFA-FF6228267698} [2011.11.29 14:47:33 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{2A2E6537-9B31-46C3-AF3C-8D7BD1453105} [2011.11.29 10:03:13 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{1725965A-5E4B-478F-BC10-CB2CD03217A8} [2011.11.29 10:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CED33FFA-D025-422B-988F-AAF45A5C6FDD} [2011.11.28 17:47:52 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\vlc [2011.11.28 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.11.28 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{FF3BBD32-2898-46C8-8DEF-D2B5BD204AD3} [2011.11.28 16:28:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DBBAD3B4-9EA3-4CB0-8A84-956D20A33B99} [2011.11.27 13:58:52 | 000,000,000 | ---D | C] -- C:\Users\Rambo\Documents\Assassin's Creed Revelations [2011.11.26 23:27:18 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [2011.11.26 23:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2011.11.26 23:27:12 | 000,000,000 | ---D | C] -- C:\Users\Rambo\Documents\VirtualDJ [2011.11.26 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6673048C-702C-4DE6-8F41-687335503F40} [2011.11.26 10:30:02 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{81A5166D-95E4-4308-8B3F-0C115F381AC8} [2011.11.25 20:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.11.25 20:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011.11.25 20:09:48 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D7ADA500-ECE6-465E-BF64-6F8EAF421078} [2011.11.25 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.11.25 20:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.11.25 20:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.11.25 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D55929D7-92FB-4FBD-A5B3-769270B0EE01} [2011.11.25 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{5E57868A-246C-49FC-9365-598CD174AEEB} [2011.11.25 13:35:02 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6133694F-5388-4D78-9653-9F6B7BE1E7A6} [2011.11.25 00:53:14 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7C781908-2063-4B2A-9407-CF183098ED30} [2011.11.25 00:53:03 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{EE8C8B73-027D-4B55-82DE-06DD7327EEBF} [2011.11.24 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BCB5C562-6754-4B21-9C1A-B506BF8FEECF} [2011.11.24 17:58:27 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{3423836E-F9F1-4FDC-8516-23671E64E1F2} [2011.11.24 15:29:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A49CEE66-EA3C-4E65-A921-BC7FC7AEA563} [2011.11.24 15:28:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{FCD45803-87AC-41B0-9080-DA415FB27FFF} [2011.11.23 16:42:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.23 16:15:31 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{43747F8A-E708-46AE-8427-C2F544514A44} [2011.11.23 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D6DA9891-4CBB-497B-859A-60303B65844C} [2011.11.23 00:08:26 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C94F4D6E-80D5-4DCE-9ED5-68743FB59586} [2011.11.23 00:08:15 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6390E8A4-F95F-4788-B3F5-E95A6CCD436D} [2011.11.22 20:53:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CCC78BE0-F80B-4CCC-803A-17153C81D583} [2011.11.22 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{39C1B0F6-179C-49A3-84A7-C18E846184CC} [2011.11.22 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{77135A6E-DE8C-4BA1-96E3-FCD652F177BB} [2011.11.22 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{451F7E57-7949-4F2A-AE96-EA973EA13BF2} ========== Files - Modified Within 30 Days ========== [2011.12.21 16:24:58 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 16:24:57 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 16:20:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rambo\Desktop\OTL.exe [2011.12.21 16:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.21 16:16:20 | 2140,737,535 | -HS- | M] () -- C:\hiberfil.sys [2011.12.21 01:49:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000UA.job [2011.12.20 21:55:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Rambo\Desktop\esetsmartinstaller_enu.exe [2011.12.20 19:08:33 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.20 18:59:29 | 000,000,848 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.12.20 18:49:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000Core.job [2011.12.20 18:46:14 | 000,002,318 | ---- | M] () -- C:\Users\Rambo\Desktop\Google Chrome.lnk [2011.12.20 02:48:28 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.18 14:19:13 | 375,403,873 | ---- | M] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 11 (ger sub) [x264, AAC] [AD2B8B4E].mkv [2011.12.12 00:12:51 | 375,302,845 | ---- | M] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 10 (ger sub) [x264, AAC] [9E25A1D0].mkv [2011.12.11 23:29:35 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk [2011.12.11 14:20:36 | 000,017,200 | ---- | M] () -- C:\Users\Rambo\Desktop\vagigidihe.dlc [2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.03 19:09:51 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.03 19:09:51 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.03 19:09:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.03 19:09:51 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.03 19:09:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.28 16:27:49 | 004,882,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.26 23:27:18 | 000,001,056 | ---- | M] () -- C:\Users\Rambo\Desktop\VirtualDJ Home FREE.lnk [2011.11.24 20:16:23 | 000,164,267 | ---- | M] () -- C:\Users\Rambo\Desktop\One_Piece.jpg [2011.11.23 16:49:14 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2011.12.20 19:08:33 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.20 18:46:14 | 000,002,318 | ---- | C] () -- C:\Users\Rambo\Desktop\Google Chrome.lnk [2011.12.20 18:45:37 | 375,403,873 | ---- | C] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 11 (ger sub) [x264, AAC] [AD2B8B4E].mkv [2011.12.20 18:44:34 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000UA.job [2011.12.20 18:44:33 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000Core.job [2011.12.20 02:48:28 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.20 00:07:16 | 375,302,845 | ---- | C] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 10 (ger sub) [x264, AAC] [9E25A1D0].mkv [2011.12.11 23:29:35 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk [2011.12.11 14:20:36 | 000,017,200 | ---- | C] () -- C:\Users\Rambo\Desktop\vagigidihe.dlc [2011.11.26 23:27:18 | 000,001,056 | ---- | C] () -- C:\Users\Rambo\Desktop\VirtualDJ Home FREE.lnk [2011.11.24 20:16:23 | 000,164,267 | ---- | C] () -- C:\Users\Rambo\Desktop\One_Piece.jpg [2011.11.23 16:49:14 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.11.23 16:49:14 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.11.20 05:18:24 | 000,000,130 | ---- | C] () -- C:\Windows\Wininit.INI [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.04.10 00:54:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.14 03:11:30 | 000,128,023 | ---- | C] () -- C:\Windows\hpwins27.dat [2011.02.14 03:11:30 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat [2011.01.15 19:41:38 | 000,007,605 | ---- | C] () -- C:\Users\Rambo\AppData\Local\Resmon.ResmonCfg [2011.01.15 18:22:08 | 000,000,132 | ---- | C] () -- C:\Users\Rambo\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.01.14 17:02:35 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.01.08 01:57:24 | 000,000,000 | ---- | C] () -- C:\Users\Rambo\AppData\Roaming\chrtmp [2011.01.06 16:15:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.01.06 16:12:09 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll [2011.01.05 19:57:31 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2011.01.05 19:53:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.05.06 11:26:23 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe ========== LOP Check ========== [2011.08.17 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\.minecraft [2011.04.25 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ashampoo [2011.01.07 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DAEMON Tools Lite [2011.07.22 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Day 1 Studios [2011.08.01 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoft [2011.06.07 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.20 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\GameRanger [2011.08.16 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze [2011.07.22 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\ICQ [2011.01.27 07:30:33 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Leadertech [2011.01.16 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\mp3DirectCut [2011.05.07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\OpenOffice.org [2011.04.20 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\PunkBuster [2011.04.10 02:57:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Software4u [2011.01.15 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.07.08 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\TS3Client [2011.04.15 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ubisoft [2011.07.24 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Utherverse [2011.10.14 15:38:12 | 000,032,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.17 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\.minecraft [2011.09.28 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Adobe [2011.01.15 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Adobe Mini Bridge CS5 [2011.01.14 14:25:04 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Apple Computer [2011.04.25 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ashampoo [2011.12.20 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Avira [2011.04.15 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Corel [2011.01.07 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DAEMON Tools Lite [2011.07.22 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Day 1 Studios [2011.08.01 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoft [2011.06.07 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.20 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\GameRanger [2011.12.20 03:51:28 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Google [2011.08.16 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze [2011.02.14 03:14:03 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\HP [2011.07.22 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\ICQ [2011.01.05 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Identities [2011.01.05 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\InstallShield [2011.01.05 20:25:29 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Intel Corporation [2011.01.27 07:30:33 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Leadertech [2011.01.06 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Macromedia [2011.12.20 02:48:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Malwarebytes [2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Media Center Programs [2011.08.29 03:45:47 | 000,000,000 | --SD | M] -- C:\Users\Rambo\AppData\Roaming\Microsoft [2011.11.02 07:24:18 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Mozilla [2011.01.16 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\mp3DirectCut [2011.11.10 05:21:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\NVIDIA [2011.05.07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\OpenOffice.org [2011.04.20 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\PunkBuster [2011.01.09 18:23:08 | 000,000,000 | RH-D | M] -- C:\Users\Rambo\AppData\Roaming\SecuROM [2011.04.10 02:57:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Software4u [2011.01.15 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.07.08 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\TS3Client [2011.04.15 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ubisoft [2011.07.24 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Utherverse [2011.11.28 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\vlc [2011.01.06 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.01.31 10:41:54 | 000,810,496 | ---- | M] (Synatix GmbH) -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze\uninstall.exe [2011.01.27 16:29:20 | 001,020,928 | ---- | M] (Synatix GmbH) -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze\ytdl.exe [2011.08.29 03:45:47 | 000,010,134 | R--- | M] () -- C:\Users\Rambo\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.02.24 16:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Rambo\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
21.12.2011, 15:51
| #8 |
| | Bundespolizeivirus Was ist eigentlich Gutscheinmieze?? |
|
21.12.2011, 18:11
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus Das ist Müll. Hast du dir wahrscheinlich beim Installieren von irgendeinem Programm eingehandelt mit der Methode: Augen zu und durch! Man muss bei jeder Softwareinstallation alles genau durchlesen und die benutzerdefinierte Methode nehmen, damit man so einen Müll wie Gutscheinmieze oder Toolbars abwählen kann. Und Finger lässt man auch von so einem Schrott wie Softonic!  Zitat:
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
21.12.2011, 18:30
| #10 |
| | Bundespolizeivirus Das ist schon etwas länger her hatte die Testversion für 30 Tage.. Mittlerweile nicht mehr benutzbar, hatte es aus der offiziellen Seite |
|
21.12.2011, 19:00
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2011.12.15 19:44:06 | 000,001,052 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\startsear.xml
[2011.07.08 16:01:21 | 000,003,930 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\sweetim.xml
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell - "" = AutoRun
O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell\AutoRun\command - "" = F:\Autorun.exe
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
[2011.12.11 14:20:36 | 000,017,200 | ---- | M] () -- C:\Users\Rambo\Desktop\vagigidihe.dlc
[2011.08.16 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze
:Files
C:\Users\Rambo\AppData\Local\{*
C:\Program Files\Bonjour
C:\Program Files (x86)\Bonjour
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
21.12.2011, 21:08
| #12 |
| | BundespolizeivirusCode:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
File C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\icqplugin.xml not found.
File C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\startsear.xml not found.
File C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\sweetim.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
File E:\Run.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AdobeCS4ServiceManager\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AdobeCS5ServiceManager\ not found.
File C:\Users\Rambo\Desktop\vagigidihe.dlc not found.
Folder C:\Users\Rambo\AppData\Roaming\Gutscheinmieze\ not found.
========== FILES ==========
File\Folder C:\Users\Rambo\AppData\Local\{* not found.
File\Folder C:\Program Files\Bonjour not found.
File\Folder C:\Program Files (x86)\Bonjour not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Rambo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1065094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6482353 bytes
->Flash cache emptied: 343 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7,00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12212011_215809
Files\Folders moved on Reboot...
File\Folder C:\Users\Rambo\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
 habs dann halt nochmal wiederholtsteht deshalb bei den meisten "not found!"? :S |
|
21.12.2011, 21:20
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
21.12.2011, 21:33
| #14 |
| | BundespolizeivirusCode:
ATTFilter 22:30:18.0265 1300 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:30:18.0385 1300 ============================================================
22:30:18.0385 1300 Current date / time: 2011/12/21 22:30:18.0385
22:30:18.0385 1300 SystemInfo:
22:30:18.0385 1300
22:30:18.0385 1300 OS Version: 6.1.7601 ServicePack: 1.0
22:30:18.0385 1300 Product type: Workstation
22:30:18.0385 1300 ComputerName: RAMBO-PC
22:30:18.0385 1300 UserName: Rambo
22:30:18.0385 1300 Windows directory: C:\Windows
22:30:18.0385 1300 System windows directory: C:\Windows
22:30:18.0385 1300 Running under WOW64
22:30:18.0385 1300 Processor architecture: Intel x64
22:30:18.0385 1300 Number of processors: 4
22:30:18.0385 1300 Page size: 0x1000
22:30:18.0385 1300 Boot type: Normal boot
22:30:18.0385 1300 ============================================================
22:30:19.0721 1300 Initialize success
22:31:04.0244 4680 ============================================================
22:31:04.0244 4680 Scan started
22:31:04.0244 4680 Mode: Manual; SigCheck; TDLFS;
22:31:04.0244 4680 ============================================================
22:31:04.0443 4680 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:31:04.0521 4680 1394ohci - ok
22:31:04.0540 4680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:31:04.0554 4680 ACPI - ok
22:31:04.0581 4680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:31:04.0614 4680 AcpiPmi - ok
22:31:04.0644 4680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:31:04.0670 4680 adp94xx - ok
22:31:04.0696 4680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:31:04.0719 4680 adpahci - ok
22:31:04.0742 4680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:31:04.0760 4680 adpu320 - ok
22:31:04.0825 4680 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:31:04.0902 4680 AFD - ok
22:31:04.0913 4680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:31:04.0933 4680 agp440 - ok
22:31:04.0965 4680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:31:04.0983 4680 aliide - ok
22:31:05.0004 4680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:31:05.0022 4680 amdide - ok
22:31:05.0040 4680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:31:05.0107 4680 AmdK8 - ok
22:31:05.0124 4680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:31:05.0175 4680 AmdPPM - ok
22:31:05.0186 4680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:31:05.0208 4680 amdsata - ok
22:31:05.0241 4680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:31:05.0266 4680 amdsbs - ok
22:31:05.0287 4680 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:31:05.0299 4680 amdxata - ok
22:31:05.0369 4680 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:31:05.0422 4680 AppID - ok
22:31:05.0470 4680 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
22:31:05.0517 4680 AppleCharger - ok
22:31:05.0557 4680 appliandMP - ok
22:31:05.0575 4680 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:31:05.0594 4680 arc - ok
22:31:05.0610 4680 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:31:05.0629 4680 arcsas - ok
22:31:05.0653 4680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:05.0722 4680 AsyncMac - ok
22:31:05.0762 4680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:31:05.0771 4680 atapi - ok
22:31:05.0811 4680 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:31:05.0833 4680 avgntflt - ok
22:31:05.0850 4680 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
22:31:05.0871 4680 avipbb - ok
22:31:05.0895 4680 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:31:05.0911 4680 avkmgr - ok
22:31:05.0946 4680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:31:06.0029 4680 b06bdrv - ok
22:31:06.0075 4680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:31:06.0130 4680 b57nd60a - ok
22:31:06.0179 4680 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:31:06.0261 4680 Beep - ok
22:31:06.0305 4680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:31:06.0319 4680 blbdrive - ok
22:31:06.0351 4680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:31:06.0367 4680 bowser - ok
22:31:06.0384 4680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:31:06.0428 4680 BrFiltLo - ok
22:31:06.0458 4680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:31:06.0492 4680 BrFiltUp - ok
22:31:06.0521 4680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:31:06.0557 4680 Brserid - ok
22:31:06.0573 4680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:31:06.0604 4680 BrSerWdm - ok
22:31:06.0619 4680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:31:06.0651 4680 BrUsbMdm - ok
22:31:06.0682 4680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:31:06.0697 4680 BrUsbSer - ok
22:31:06.0729 4680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:31:06.0760 4680 BTHMODEM - ok
22:31:06.0791 4680 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:06.0838 4680 cdfs - ok
22:31:06.0885 4680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:06.0936 4680 cdrom - ok
22:31:06.0967 4680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:31:07.0027 4680 circlass - ok
22:31:07.0060 4680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:31:07.0083 4680 CLFS - ok
22:31:07.0118 4680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:07.0134 4680 CmBatt - ok
22:31:07.0167 4680 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:31:07.0180 4680 cmdide - ok
22:31:07.0224 4680 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:31:07.0272 4680 CNG - ok
22:31:07.0297 4680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:07.0306 4680 Compbatt - ok
22:31:07.0336 4680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:31:07.0391 4680 CompositeBus - ok
22:31:07.0433 4680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:31:07.0454 4680 crcdisk - ok
22:31:07.0523 4680 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:31:07.0581 4680 CSC - ok
22:31:07.0656 4680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:31:07.0727 4680 DfsC - ok
22:31:07.0737 4680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:31:07.0765 4680 discache - ok
22:31:07.0790 4680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:31:07.0801 4680 Disk - ok
22:31:07.0852 4680 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:31:07.0898 4680 Dot4 - ok
22:31:07.0933 4680 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
22:31:07.0970 4680 Dot4Print - ok
22:31:08.0005 4680 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:31:08.0046 4680 dot4usb - ok
22:31:08.0079 4680 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:31:08.0104 4680 drmkaud - ok
22:31:08.0166 4680 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:31:08.0183 4680 dtsoftbus01 - ok
22:31:08.0244 4680 dump_wmimmc - ok
22:31:08.0297 4680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:08.0336 4680 DXGKrnl - ok
22:31:08.0369 4680 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:31:08.0387 4680 E1G60 - ok
22:31:08.0418 4680 EagleX64 - ok
22:31:08.0499 4680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:31:08.0643 4680 ebdrv - ok
22:31:08.0695 4680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:31:08.0715 4680 elxstor - ok
22:31:08.0746 4680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:31:08.0792 4680 ErrDev - ok
22:31:08.0823 4680 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
22:31:08.0838 4680 etdrv - ok
22:31:08.0865 4680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:31:08.0918 4680 exfat - ok
22:31:08.0938 4680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:31:08.0998 4680 fastfat - ok
22:31:09.0021 4680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:31:09.0033 4680 fdc - ok
22:31:09.0068 4680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:31:09.0078 4680 FileInfo - ok
22:31:09.0081 4680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:31:09.0127 4680 Filetrace - ok
22:31:09.0143 4680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:09.0159 4680 flpydisk - ok
22:31:09.0190 4680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:31:09.0221 4680 FltMgr - ok
22:31:09.0252 4680 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:31:09.0252 4680 FsDepends - ok
22:31:09.0268 4680 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:09.0283 4680 Fs_Rec - ok
22:31:09.0315 4680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:31:09.0346 4680 fvevol - ok
22:31:09.0377 4680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:31:09.0393 4680 gagp30kx - ok
22:31:09.0424 4680 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
22:31:09.0439 4680 gdrv - ok
22:31:09.0471 4680 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:09.0486 4680 GEARAspiWDM - ok
22:31:09.0530 4680 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
22:31:09.0549 4680 GVTDrv64 - ok
22:31:09.0566 4680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:31:09.0631 4680 hcw85cir - ok
22:31:09.0697 4680 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:31:09.0740 4680 HdAudAddService - ok
22:31:09.0763 4680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:31:09.0798 4680 HDAudBus - ok
22:31:09.0819 4680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:31:09.0852 4680 HidBatt - ok
22:31:09.0872 4680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:31:09.0915 4680 HidBth - ok
22:31:09.0934 4680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:31:09.0980 4680 HidIr - ok
22:31:10.0018 4680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:10.0044 4680 HidUsb - ok
22:31:10.0073 4680 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:31:10.0097 4680 HpSAMD - ok
22:31:10.0153 4680 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:31:10.0253 4680 HTTP - ok
22:31:10.0291 4680 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:31:10.0299 4680 hwpolicy - ok
22:31:10.0322 4680 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:31:10.0337 4680 i8042prt - ok
22:31:10.0361 4680 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
22:31:10.0374 4680 iaStor - ok
22:31:10.0396 4680 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:31:10.0421 4680 iaStorV - ok
22:31:10.0448 4680 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:31:10.0464 4680 iirsp - ok
22:31:10.0541 4680 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
22:31:10.0603 4680 IntcAzAudAddService - ok
22:31:10.0634 4680 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:31:10.0634 4680 intelide - ok
22:31:10.0673 4680 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:10.0700 4680 intelppm - ok
22:31:10.0736 4680 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:10.0801 4680 IpFilterDriver - ok
22:31:10.0812 4680 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:31:10.0829 4680 IPMIDRV - ok
22:31:10.0852 4680 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:31:10.0897 4680 IPNAT - ok
22:31:10.0917 4680 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:31:10.0933 4680 IRENUM - ok
22:31:10.0955 4680 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:31:10.0964 4680 isapnp - ok
22:31:10.0973 4680 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:31:10.0989 4680 iScsiPrt - ok
22:31:11.0016 4680 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
22:31:11.0026 4680 JRAID - ok
22:31:11.0047 4680 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:31:11.0057 4680 kbdclass - ok
22:31:11.0135 4680 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:31:11.0156 4680 kbdhid - ok
22:31:11.0175 4680 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:31:11.0191 4680 KSecDD - ok
22:31:11.0227 4680 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:31:11.0245 4680 KSecPkg - ok
22:31:11.0261 4680 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:31:11.0303 4680 ksthunk - ok
22:31:11.0337 4680 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:11.0398 4680 lltdio - ok
22:31:11.0423 4680 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:31:11.0436 4680 LSI_FC - ok
22:31:11.0455 4680 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:31:11.0467 4680 LSI_SAS - ok
22:31:11.0490 4680 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:31:11.0501 4680 LSI_SAS2 - ok
22:31:11.0518 4680 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:31:11.0530 4680 LSI_SCSI - ok
22:31:11.0545 4680 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:31:11.0592 4680 luafv - ok
22:31:11.0617 4680 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:31:11.0627 4680 megasas - ok
22:31:11.0653 4680 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:31:11.0669 4680 MegaSR - ok
22:31:11.0685 4680 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:31:11.0732 4680 Modem - ok
22:31:11.0763 4680 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:31:11.0794 4680 monitor - ok
22:31:11.0825 4680 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:11.0841 4680 mouclass - ok
22:31:11.0857 4680 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:11.0872 4680 mouhid - ok
22:31:11.0903 4680 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:31:11.0919 4680 mountmgr - ok
22:31:11.0950 4680 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:31:11.0981 4680 mpio - ok
22:31:12.0099 4680 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:31:12.0153 4680 mpsdrv - ok
22:31:12.0192 4680 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:31:12.0269 4680 MRxDAV - ok
22:31:12.0307 4680 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:12.0331 4680 mrxsmb - ok
22:31:12.0360 4680 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:12.0388 4680 mrxsmb10 - ok
22:31:12.0406 4680 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:12.0428 4680 mrxsmb20 - ok
22:31:12.0449 4680 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:31:12.0464 4680 msahci - ok
22:31:12.0493 4680 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:31:12.0514 4680 msdsm - ok
22:31:12.0531 4680 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:31:12.0571 4680 Msfs - ok
22:31:12.0593 4680 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:31:12.0638 4680 mshidkmdf - ok
22:31:12.0658 4680 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:31:12.0669 4680 msisadrv - ok
22:31:12.0688 4680 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:12.0723 4680 MSKSSRV - ok
22:31:12.0737 4680 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:12.0764 4680 MSPCLOCK - ok
22:31:12.0773 4680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:31:12.0806 4680 MSPQM - ok
22:31:12.0851 4680 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:31:12.0870 4680 MsRPC - ok
22:31:12.0897 4680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:31:12.0906 4680 mssmbios - ok
22:31:12.0928 4680 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:31:12.0966 4680 MSTEE - ok
22:31:12.0984 4680 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:31:13.0002 4680 MTConfig - ok
22:31:13.0030 4680 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:31:13.0045 4680 Mup - ok
22:31:13.0086 4680 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:13.0127 4680 NativeWifiP - ok
22:31:13.0166 4680 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:31:13.0191 4680 NDIS - ok
22:31:13.0208 4680 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:13.0239 4680 NdisCap - ok
22:31:13.0261 4680 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:13.0287 4680 NdisTapi - ok
22:31:13.0318 4680 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:13.0346 4680 Ndisuio - ok
22:31:13.0383 4680 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:13.0432 4680 NdisWan - ok
22:31:13.0460 4680 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:31:13.0525 4680 NDProxy - ok
22:31:13.0570 4680 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:31:13.0626 4680 NetBIOS - ok
22:31:13.0655 4680 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:31:13.0690 4680 NetBT - ok
22:31:13.0718 4680 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:31:13.0729 4680 nfrd960 - ok
22:31:13.0755 4680 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:31:13.0802 4680 Npfs - ok
22:31:13.0834 4680 NPPTNT2 - ok
22:31:13.0855 4680 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:31:13.0915 4680 nsiproxy - ok
22:31:13.0964 4680 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:31:14.0023 4680 Ntfs - ok
22:31:14.0033 4680 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:31:14.0068 4680 Null - ok
22:31:14.0095 4680 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:31:14.0108 4680 nusb3hub - ok
22:31:14.0137 4680 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:31:14.0151 4680 nusb3xhc - ok
22:31:14.0181 4680 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
22:31:14.0194 4680 NVHDA - ok
22:31:14.0413 4680 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:31:14.0537 4680 nvlddmkm - ok
22:31:14.0569 4680 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:31:14.0584 4680 nvraid - ok
22:31:14.0620 4680 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:31:14.0633 4680 nvstor - ok
22:31:14.0693 4680 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:31:14.0718 4680 nv_agp - ok
22:31:14.0757 4680 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:31:14.0792 4680 ohci1394 - ok
22:31:14.0831 4680 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:31:14.0853 4680 Parport - ok
22:31:14.0876 4680 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:31:14.0895 4680 partmgr - ok
22:31:14.0922 4680 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:31:14.0946 4680 pci - ok
22:31:14.0970 4680 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:31:14.0985 4680 pciide - ok
22:31:15.0087 4680 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:31:15.0118 4680 pcmcia - ok
22:31:15.0139 4680 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:31:15.0160 4680 pcw - ok
22:31:15.0192 4680 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:31:15.0267 4680 PEAUTH - ok
22:31:15.0363 4680 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:15.0433 4680 PptpMiniport - ok
22:31:15.0457 4680 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:31:15.0493 4680 Processor - ok
22:31:15.0539 4680 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:31:15.0599 4680 Psched - ok
22:31:15.0640 4680 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:31:15.0702 4680 ql2300 - ok
22:31:15.0718 4680 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:31:15.0733 4680 ql40xx - ok
22:31:15.0769 4680 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:31:15.0797 4680 QWAVEdrv - ok
22:31:15.0824 4680 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:15.0877 4680 RasAcd - ok
22:31:15.0917 4680 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:15.0966 4680 RasAgileVpn - ok
22:31:15.0999 4680 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:16.0037 4680 Rasl2tp - ok
22:31:16.0056 4680 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:16.0085 4680 RasPppoe - ok
22:31:16.0101 4680 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:16.0130 4680 RasSstp - ok
22:31:16.0166 4680 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:16.0207 4680 rdbss - ok
22:31:16.0219 4680 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:31:16.0234 4680 rdpbus - ok
22:31:16.0261 4680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:16.0287 4680 RDPCDD - ok
22:31:16.0323 4680 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:31:16.0364 4680 RDPDR - ok
22:31:16.0388 4680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:31:16.0444 4680 RDPENCDD - ok
22:31:16.0464 4680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:31:16.0489 4680 RDPREFMP - ok
22:31:16.0525 4680 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:31:16.0548 4680 RdpVideoMiniport - ok
22:31:16.0588 4680 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:31:16.0645 4680 RDPWD - ok
22:31:16.0674 4680 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:31:16.0693 4680 rdyboost - ok
22:31:16.0718 4680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:16.0765 4680 rspndr - ok
22:31:16.0813 4680 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:31:16.0833 4680 RTL8167 - ok
22:31:16.0885 4680 RTL8187 (333224d4d25f9bcca488e08345083e1c) C:\Windows\system32\DRIVERS\rtl8187.sys
22:31:16.0932 4680 RTL8187 - ok
22:31:16.0960 4680 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:31:17.0010 4680 s3cap - ok
22:31:17.0056 4680 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:31:17.0082 4680 sbp2port - ok
22:31:17.0128 4680 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:31:17.0185 4680 scfilter - ok
22:31:17.0212 4680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:31:17.0257 4680 secdrv - ok
22:31:17.0280 4680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:31:17.0306 4680 Serenum - ok
22:31:17.0326 4680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:31:17.0353 4680 Serial - ok
22:31:17.0397 4680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:31:17.0441 4680 sermouse - ok
22:31:17.0480 4680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:31:17.0510 4680 sffdisk - ok
22:31:17.0531 4680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:31:17.0563 4680 sffp_mmc - ok
22:31:17.0573 4680 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:31:17.0599 4680 sffp_sd - ok
22:31:17.0622 4680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:31:17.0661 4680 sfloppy - ok
22:31:17.0707 4680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:31:17.0723 4680 SiSRaid2 - ok
22:31:17.0745 4680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:31:17.0762 4680 SiSRaid4 - ok
22:31:17.0796 4680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:31:17.0839 4680 Smb - ok
22:31:17.0852 4680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:31:17.0861 4680 spldr - ok
22:31:17.0908 4680 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:31:17.0945 4680 srv - ok
22:31:17.0969 4680 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:31:18.0004 4680 srv2 - ok
22:31:18.0030 4680 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:31:18.0060 4680 srvnet - ok
22:31:18.0117 4680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:31:18.0132 4680 stexstor - ok
22:31:18.0164 4680 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:31:18.0180 4680 storflt - ok
22:31:18.0195 4680 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:31:18.0211 4680 storvsc - ok
22:31:18.0211 4680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:31:18.0227 4680 swenum - ok
22:31:18.0258 4680 Synth3dVsc - ok
22:31:18.0273 4680 TBPanel - ok
22:31:18.0352 4680 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
22:31:18.0445 4680 Tcpip - ok
22:31:18.0477 4680 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
22:31:18.0500 4680 TCPIP6 - ok
22:31:18.0530 4680 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:31:18.0594 4680 tcpipreg - ok
22:31:18.0619 4680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:31:18.0692 4680 TDPIPE - ok
22:31:18.0702 4680 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:31:18.0771 4680 TDTCP - ok
22:31:18.0804 4680 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:31:18.0831 4680 tdx - ok
22:31:18.0852 4680 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:31:18.0863 4680 TermDD - ok
22:31:18.0897 4680 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:18.0955 4680 tssecsrv - ok
22:31:18.0987 4680 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:31:19.0013 4680 TsUsbFlt - ok
22:31:19.0021 4680 tsusbhub - ok
22:31:19.0048 4680 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:31:19.0087 4680 tunnel - ok
22:31:19.0097 4680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:31:19.0108 4680 uagp35 - ok
22:31:19.0143 4680 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:31:19.0189 4680 udfs - ok
22:31:19.0213 4680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:31:19.0225 4680 uliagpkx - ok
22:31:19.0242 4680 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:31:19.0255 4680 umbus - ok
22:31:19.0273 4680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:31:19.0293 4680 UmPass - ok
22:31:19.0328 4680 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:31:19.0359 4680 USBAAPL64 - ok
22:31:19.0375 4680 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:19.0390 4680 usbccgp - ok
22:31:19.0437 4680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:31:19.0484 4680 usbcir - ok
22:31:19.0499 4680 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:31:19.0546 4680 usbehci - ok
22:31:19.0562 4680 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:31:19.0593 4680 usbhub - ok
22:31:19.0609 4680 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:31:19.0624 4680 usbohci - ok
22:31:19.0671 4680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:31:19.0687 4680 usbprint - ok
22:31:19.0727 4680 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:31:19.0766 4680 usbscan - ok
22:31:19.0795 4680 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:19.0834 4680 USBSTOR - ok
22:31:19.0851 4680 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:31:19.0873 4680 usbuhci - ok
22:31:19.0896 4680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:31:19.0915 4680 vdrvroot - ok
22:31:19.0937 4680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:19.0963 4680 vga - ok
22:31:19.0979 4680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:31:20.0013 4680 VgaSave - ok
22:31:20.0021 4680 VGPU - ok
22:31:20.0054 4680 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:31:20.0084 4680 vhdmp - ok
22:31:20.0220 4680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:31:20.0240 4680 viaide - ok
22:31:20.0267 4680 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:31:20.0299 4680 vmbus - ok
22:31:20.0321 4680 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:31:20.0345 4680 VMBusHID - ok
22:31:20.0372 4680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:31:20.0387 4680 volmgr - ok
22:31:20.0424 4680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:31:20.0458 4680 volmgrx - ok
22:31:20.0478 4680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:31:20.0501 4680 volsnap - ok
22:31:20.0537 4680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:31:20.0564 4680 vsmraid - ok
22:31:20.0591 4680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:31:20.0624 4680 vwifibus - ok
22:31:20.0647 4680 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:31:20.0671 4680 vwififlt - ok
22:31:20.0692 4680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:31:20.0710 4680 WacomPen - ok
22:31:20.0742 4680 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:20.0773 4680 WANARP - ok
22:31:20.0789 4680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:20.0804 4680 Wanarpv6 - ok
22:31:20.0836 4680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:31:20.0851 4680 Wd - ok
22:31:20.0882 4680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:31:20.0906 4680 Wdf01000 - ok
22:31:20.0943 4680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:31:20.0969 4680 WfpLwf - ok
22:31:20.0979 4680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:31:20.0989 4680 WIMMount - ok
22:31:21.0023 4680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:31:21.0057 4680 WinUsb - ok
22:31:21.0098 4680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:31:21.0115 4680 WmiAcpi - ok
22:31:21.0140 4680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:31:21.0193 4680 ws2ifsl - ok
22:31:21.0240 4680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:31:21.0301 4680 WudfPf - ok
22:31:21.0354 4680 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:21.0414 4680 WUDFRd - ok
22:31:21.0442 4680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:31:21.0557 4680 \Device\Harddisk0\DR0 - ok
22:31:21.0561 4680 Boot (0x1200) (111b889059f59baf2a027ab8e8a9aeb0) \Device\Harddisk0\DR0\Partition0
22:31:21.0563 4680 \Device\Harddisk0\DR0\Partition0 - ok
22:31:21.0606 4680 Boot (0x1200) (178ed5e6bcd287522d36e7062ee7a2cb) \Device\Harddisk0\DR0\Partition1
22:31:21.0608 4680 \Device\Harddisk0\DR0\Partition1 - ok
22:31:21.0633 4680 Boot (0x1200) (a1c62e14465ae65a96c7356efa71d9c7) \Device\Harddisk0\DR0\Partition2
22:31:21.0635 4680 \Device\Harddisk0\DR0\Partition2 - ok
22:31:21.0635 4680 ============================================================
22:31:21.0635 4680 Scan finished
22:31:21.0636 4680 ============================================================
22:31:21.0648 1664 Detected object count: 0
22:31:21.0648 1664 Actual detected object count: 0
|
|
22.12.2011, 07:03
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
| Themen zu Bundespolizeivirus |
| anti-malware, antivir, appdata, code, dateien, defender, dll, exploit.drop.2, explorer, google, löschen, malwarebytes, microsoft, namen, rechner, registry, roaming, rundll, rundll32.exe, searchscopes, setup, software, temp, trojan.agent.ge, trojan.vundo, viren, virusscan, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
