| |
| |||||||
Log-Analyse und Auswertung: Windows blockiert - 50€ TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
07.01.2012, 21:04
| #1 |
 |  Windows blockiert - 50€ Trojaner Hallöchen Zusammen, auf der Suche nach der Lösung meines Problems, bin ich auf dieses klasse Forum gestoßen. Auf dem Laptop einer Freundin ist der besagte: "50€-Trojaner". Dieser blockiert Windows. Man wird aufgefordert ein Upgrade für 50€ zu kaufen, um Windows weiter benutzen zu können. Ich habe mich bereits um gesehen... Ich habe dazu vor ab eine Frage: Im abgesicherten Modus mit Netzwerktreibern erkennt das System meinen Webstick nicht als Modem. Damit geh ich aber ins Internet und komme somit NICHT ins Internet. Ich kann mir die genannten Programme nicht runterladen und auf´m Desktop speichern. Als Möglichkeit sehe ich die Programme durch einen Stick auf dem infizierten PC zu speichern bzw sie direkt vom Stick zu starten. Ginge das auch? Ich habe die Scanns noch nicht durchgeführt. Vielen Dank vorab! Gruß aus Berlin |
|
09.01.2012, 11:57
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows blockiert - 50€ TrojanerZitat:
__________________ |
|
10.01.2012, 21:29
| #3 |
| | Windows blockiert - 50€ Trojaner Danke für die Antwort.
__________________Ich konnte mit dem infiniziertem Rechner ins Internet. Jetzt erstellt mir OTL die "Extra"-Datei nicht mehr. Hatte es ja schon mal durchlaufen lassen. Da wurden zwei Datein erstellt, jetzt leider nur noch das Scanergebnis. Mach ich was falsch oder wo könnte das Problem liegen? |
|
10.01.2012, 21:48
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert - 50€ Trojaner Die alte extras.txt genügt auch. Zur Not auch nur die OTL.txt
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.01.2012, 17:56
| #5 | |
| | Windows blockiert - 50€ TrojanerZitat:
ick Nase hatte die genannten Programme zwar runtergeladen, aber im normalen Modus nicht im abgesicherten mit Netzwerktreibern. Im abgesichertem Modus waren die Programme nicht mehr auf´m Desktop. Daher hab ich alles vom Stick geladen. Anbei die Datein, jedoch wie schon erwähnt ohne die '"Extra"-Datein von OTL, eine alte hab ich leider auch nicht mehr :-/ Ich scheine mich ziemlich glatt an zu stellen ... mit 7-Zip hat auch nicht so richtig gefunzt. Hoffe .rar-Datei ist auch ok.!?  im Voraus |
|
11.01.2012, 18:36
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert - 50€ Trojaner Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ --> Windows blockiert - 50€ Trojaner |
|
11.01.2012, 23:15
| #7 |
| | Windows blockiert - 50€ Trojaner Nabend, ich hab mal alles durch gearbeitet. Hoffe ich hab alles richtig gemacht. Zur Not hab ich die Anhängseln ran gemacht ... vor abCode:
ATTFilter Datenbank Version: v2012.01.11.06
Windows Vista Service Pack 2 x86 FAT
Internet Explorer 9.0.8112.16421
Jenny :: JENNY-PC [Administrator]
Schutz: Aktiviert
11.01.2012 19:04:00
mbam-log-2012-01-11 (20-16-27).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336920
Laufzeit: 1 Stunde(n), 9 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent) -> Daten: C:\Users\Jenny\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter Datenbank Version: v2012.01.11.06
Windows Vista Service Pack 2 x86 FAT
Internet Explorer 9.0.8112.16421
Jenny :: JENNY-PC [Administrator]
Schutz: Aktiviert
11.01.2012 19:04:00
mbam-log-2012-01-11 (19-04-00).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336920
Laufzeit: 1 Stunde(n), 9 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent) -> Daten: C:\Users\Jenny\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d9ef1d72dcfe674f9e1aeb0196b23913
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-11 08:58:57
# local_time=2012-01-11 09:58:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 26711 101825879 79961 0
# compatibility_mode=5892 16776573 100 100 4409 163843300 0 0
# compatibility_mode=8192 67108863 100 0 3918 3918 0 0
# scanned=144022
# found=2
# cleaned=0
# scan_time=4965
C:\Users\Jenny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
|
|
12.01.2012, 18:56
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert - 50€ Trojaner Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.01.2012, 21:11
| #9 |
| | Windows blockiert - 50€ Trojaner Nabend Arne, hier die OTL.txt Code:
ATTFilter OTL logfile created on: 12.01.2012 20:48:45 - Run 10 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,07% Memory free 6,19 Gb Paging File | 4,92 Gb Available in Paging File | 79,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 84,70 Gb Free Space | 56,83% Space Free | Partition Type: NTFS Drive D: | 139,28 Gb Total Space | 139,16 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive F: | 978,73 Mb Total Space | 965,89 Mb Free Space | 98,69% Space Free | Partition Type: FAT Computer Name: JENNY-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.10 19:22:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.10 02:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.09.18 01:05:08 | 000,040,960 | ---- | M] ( ) -- C:\Program Files\ASUS\ATK Media\GPSWATCH.EXE PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.05.24 06:06:56 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMEDIA.EXE PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (No Company Name) ========== MOD - [2009.10.23 17:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ========== Win32 Services (SafeList) ========== SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.03.18 05:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.07 18:24:11 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.25 09:30:59 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.22 03:21:07 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.07.08 11:32:51 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.06.25 06:05:05 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.04.07 07:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER) DRV - [2008.04.06 03:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.01 08:13:57 | 001,807,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.03.21 05:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) [2012.01.06 15:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.10.14 21:10:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{519FCBD7-0111-42B0-836E-4CC3EE2C5515}: DhcpNameServer = 192.168.2.1 213.191.92.86 62.109.123.7 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75546297-CFB9-400E-AA66-A02D5961D71A}: DhcpNameServer = 192.168.2.1 213.191.74.18 62.109.123.196 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\Shell - "" = AutoRun O33 - MountPoints2\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe () MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files\ATKOSD2\ATKOSD2.exe () MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: EPSON Stylus SX200 Series - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: HControlUser - hkey= - key= - C:\Program Files\ATK Hotkey\HcontrolUser.exe () MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: NSSInstallation - hkey= - key= - C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: P2Go_Menu - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.11 21:15:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple [2012.01.11 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ASUS [2012.01.11 20:45:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ASUS [2012.01.11 20:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.10 19:21:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.01.10 17:55:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2012.01.10 17:55:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2012.01.10 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012.01.09 21:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.09 21:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.09 21:40:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.09 21:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.09 21:15:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer [2012.01.09 21:14:26 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.01.09 21:14:26 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2012.01.09 21:14:26 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.01.09 21:14:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities [2012.01.09 21:14:05 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2012.01.09 21:12:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf [2012.01.09 21:12:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2012.01.09 21:12:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen [2012.01.09 21:12:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2012.01.09 21:12:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten [2012.01.09 21:12:34 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop [2012.01.09 21:12:34 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.01.09 21:12:34 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData [2012.01.09 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp [2012.01.09 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help [2012.01.09 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft [2012.01.09 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs [2012.01.09 21:12:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite [2012.01.07 20:37:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.01.06 14:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2012.01.06 14:11:34 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2012.01.06 14:11:34 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2012.01.06 14:11:34 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys [2012.01.06 14:11:34 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2012.01.06 14:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner [2008.06.03 07:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2012.01.12 20:37:22 | 000,084,229 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.01.12 20:37:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.01.12 20:37:14 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.12 20:37:14 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.12 20:37:14 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.12 20:37:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.12 20:31:15 | 000,005,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.12 20:31:15 | 000,005,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.12 20:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.12 20:30:36 | 3220,353,024 | -HS- | M] () -- C:\hiberfil.sys [2012.01.11 23:29:54 | 278,969,814 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.11 14:20:58 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat [2012.01.10 21:30:23 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.01.10 19:24:06 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable [2012.01.10 19:22:27 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.exe [2012.01.10 19:22:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.01.10 19:21:43 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe [2012.01.10 19:16:16 | 000,084,229 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.01.09 21:40:59 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.06 19:06:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.01.06 19:06:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.01.06 14:11:38 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2011.12.16 13:25:04 | 000,371,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.01.11 20:22:05 | 3220,353,024 | -HS- | C] () -- C:\hiberfil.sys [2012.01.11 14:20:57 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat [2012.01.10 21:30:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.01.10 19:24:06 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable [2012.01.10 19:22:26 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.exe [2012.01.10 19:21:43 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe [2012.01.09 21:40:59 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.09 21:14:34 | 000,000,956 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.01.09 21:14:25 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.01.09 21:14:04 | 000,000,922 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.01.07 20:37:22 | 278,969,814 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.01.06 19:06:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.01.06 19:06:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.06 14:11:38 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2011.05.19 21:39:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.06 00:51:53 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.10.24 15:21:08 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009.10.24 15:21:08 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2009.10.24 15:21:08 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009.10.24 15:21:08 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009.10.24 15:21:08 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009.10.24 15:21:08 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009.10.24 15:21:08 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009.10.24 15:21:08 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2009.10.24 15:21:08 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2009.10.24 15:21:08 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009.10.24 15:21:08 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.10.24 15:21:07 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009.10.24 15:21:07 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009.10.24 15:21:07 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009.10.24 15:21:07 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009.10.24 15:21:07 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009.10.24 15:21:07 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009.10.24 15:21:07 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009.10.24 15:21:07 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009.10.24 15:15:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini [2009.08.22 16:03:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.22 16:03:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.23 00:21:22 | 000,084,229 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.23 00:16:28 | 000,084,229 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.11.11 00:58:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.11.11 00:53:57 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2008.11.11 00:39:22 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.11.10 23:39:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.16 12:11:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 12:11:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.04.07 07:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll [2008.04.01 08:13:57 | 001,807,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.05.09 08:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,371,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2011.02.08 00:22:56 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job [2012.01.11 23:42:19 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.10 17:55:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe [2012.01.09 21:15:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer [2012.01.09 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities [2012.01.10 17:55:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2012.01.10 17:52:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs [2012.01.11 14:22:18 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > im Voraus |
|
12.01.2012, 21:25
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert - 50€ Trojaner Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\Shell - "" = AutoRun
O33 - MountPoints2\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.01.2012, 21:57
| #11 | |
| | Windows blockiert - 50€ TrojanerZitat:
Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33058186-3ba9-11e1-a0a1-98196e7d17cf}\ not found.
File G:\AutoRun.exe :Commands not found.
File ptytemp] not found.
File sethosts] not found.
OTL by OldTimer - Version 3.2.31.0 log created on 01122012_214921
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
12.01.2012, 22:17
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows blockiert - 50€ TrojanerZitat:
Damit ist eigentlich beides beantwortet wenn ich vorher schon poste Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.01.2012, 22:26
| #13 |
| | Windows blockiert - 50€ Trojaner TDSS-Killer hab ich bereits gefunden Geändert von Sunshine_Mel (12.01.2012 um 22:38 Uhr) Grund: Frage hat sich erübrigt |
|
12.01.2012, 23:08
| #14 | ||
| | Windows blockiert - 50€ TrojanerZitat:
|
|
12.01.2012, 23:35
| #15 | |||
| | Windows blockiert - 50€ TrojanerZitat:
Ich kann auf dieser Seite nichts posten. Daher unten als CODE. Zitat:
Zitat:
TDSS-LOG Code:
ATTFilter 23:11:20.0326 5740 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
23:11:20.0404 5740 ============================================================
23:11:20.0404 5740 Current date / time: 2012/01/12 23:11:20.0404
23:11:20.0404 5740 SystemInfo:
23:11:20.0404 5740
23:11:20.0404 5740 OS Version: 6.0.6002 ServicePack: 2.0
23:11:20.0404 5740 Product type: Workstation
23:11:20.0404 5740 ComputerName: JENNY-PC
23:11:20.0404 5740 UserName: Jenny
23:11:20.0404 5740 Windows directory: C:\Windows
23:11:20.0404 5740 System windows directory: C:\Windows
23:11:20.0404 5740 Processor architecture: Intel x86
23:11:20.0404 5740 Number of processors: 2
23:11:20.0404 5740 Page size: 0x1000
23:11:20.0404 5740 Boot type: Normal boot
23:11:20.0404 5740 ============================================================
23:11:21.0652 5740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
23:11:21.0668 5740 Drive \Device\Harddisk1\DR4 - Size: 0x3D2FFE00, SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:11:21.0871 5740 Initialize success
23:11:39.0343 5856 ============================================================
23:11:39.0343 5856 Scan started
23:11:39.0343 5856 Mode: Manual; SigCheck; TDLFS;
23:11:39.0343 5856 ============================================================
23:11:39.0936 5856 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:11:40.0154 5856 ACPI - ok
23:11:40.0201 5856 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:11:40.0232 5856 adp94xx - ok
23:11:40.0263 5856 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:11:40.0294 5856 adpahci - ok
23:11:40.0326 5856 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:11:40.0357 5856 adpu160m - ok
23:11:40.0388 5856 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:11:40.0404 5856 adpu320 - ok
23:11:40.0528 5856 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:11:40.0606 5856 AFD - ok
23:11:40.0950 5856 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
23:11:41.0090 5856 AgereSoftModem - ok
23:11:41.0293 5856 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:11:41.0324 5856 agp440 - ok
23:11:41.0386 5856 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:11:41.0402 5856 aic78xx - ok
23:11:41.0449 5856 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:11:41.0480 5856 aliide - ok
23:11:41.0542 5856 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:11:41.0558 5856 amdagp - ok
23:11:41.0589 5856 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:11:41.0605 5856 amdide - ok
23:11:41.0636 5856 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:11:41.0792 5856 AmdK7 - ok
23:11:41.0870 5856 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:11:41.0932 5856 AmdK8 - ok
23:11:42.0073 5856 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:11:42.0088 5856 arc - ok
23:11:42.0120 5856 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:11:42.0151 5856 arcsas - ok
23:11:42.0213 5856 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
23:11:42.0338 5856 ASMMAP - ok
23:11:42.0432 5856 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:11:42.0494 5856 AsyncMac - ok
23:11:42.0541 5856 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:11:42.0556 5856 atapi - ok
23:11:42.0634 5856 athr (4df523f49694b2884f8e5d870bf3e253) C:\Windows\system32\DRIVERS\athr.sys
23:11:42.0712 5856 athr - ok
23:11:42.0822 5856 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
23:11:42.0837 5856 avgio - ok
23:11:42.0915 5856 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
23:11:42.0962 5856 avgntflt - ok
23:11:42.0993 5856 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
23:11:43.0009 5856 avipbb - ok
23:11:43.0102 5856 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:11:43.0165 5856 Beep - ok
23:11:43.0212 5856 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:11:43.0258 5856 blbdrive - ok
23:11:43.0321 5856 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:11:43.0383 5856 bowser - ok
23:11:43.0430 5856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:11:43.0539 5856 BrFiltLo - ok
23:11:43.0633 5856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:11:43.0680 5856 BrFiltUp - ok
23:11:43.0726 5856 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:11:43.0898 5856 Brserid - ok
23:11:43.0976 5856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:11:44.0085 5856 BrSerWdm - ok
23:11:44.0116 5856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:11:44.0210 5856 BrUsbMdm - ok
23:11:44.0226 5856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:11:44.0304 5856 BrUsbSer - ok
23:11:44.0350 5856 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:11:44.0428 5856 BTHMODEM - ok
23:11:44.0522 5856 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:11:44.0569 5856 cdfs - ok
23:11:44.0616 5856 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:11:44.0678 5856 cdrom - ok
23:11:44.0756 5856 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:11:44.0803 5856 circlass - ok
23:11:44.0834 5856 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:11:44.0850 5856 CLFS - ok
23:11:44.0912 5856 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:11:44.0959 5856 CmBatt - ok
23:11:44.0974 5856 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:11:44.0990 5856 cmdide - ok
23:11:45.0021 5856 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:11:45.0037 5856 Compbatt - ok
23:11:45.0052 5856 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:11:45.0068 5856 crcdisk - ok
23:11:45.0115 5856 CRFILTER (d18893845ae1c5833b5b2ea9b7f5c670) C:\Windows\system32\DRIVERS\CRFILTER.sys
23:11:45.0177 5856 CRFILTER - ok
23:11:45.0208 5856 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:11:45.0271 5856 Crusoe - ok
23:11:45.0349 5856 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:11:45.0396 5856 DfsC - ok
23:11:45.0474 5856 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:11:45.0489 5856 disk - ok
23:11:45.0567 5856 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:11:45.0630 5856 drmkaud - ok
23:11:45.0692 5856 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:11:45.0739 5856 DXGKrnl - ok
23:11:45.0786 5856 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:11:45.0848 5856 E1G60 - ok
23:11:45.0942 5856 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:11:45.0973 5856 Ecache - ok
23:11:46.0035 5856 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:11:46.0066 5856 elxstor - ok
23:11:46.0113 5856 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:11:46.0176 5856 ErrDev - ok
23:11:46.0269 5856 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:11:46.0316 5856 exfat - ok
23:11:46.0332 5856 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:11:46.0394 5856 fastfat - ok
23:11:46.0456 5856 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:11:46.0534 5856 fdc - ok
23:11:46.0566 5856 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:11:46.0597 5856 FileInfo - ok
23:11:46.0612 5856 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:11:46.0690 5856 Filetrace - ok
23:11:46.0706 5856 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:11:46.0784 5856 flpydisk - ok
23:11:46.0815 5856 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:11:46.0846 5856 FltMgr - ok
23:11:46.0893 5856 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:11:46.0956 5856 Fs_Rec - ok
23:11:46.0987 5856 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:11:47.0002 5856 gagp30kx - ok
23:11:47.0034 5856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:11:47.0049 5856 GEARAspiWDM - ok
23:11:47.0112 5856 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
23:11:47.0174 5856 ghaio - ok
23:11:47.0314 5856 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:11:47.0377 5856 HdAudAddService - ok
23:11:47.0424 5856 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:11:47.0470 5856 HDAudBus - ok
23:11:47.0502 5856 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:11:47.0564 5856 HidBth - ok
23:11:47.0595 5856 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:11:47.0658 5856 HidIr - ok
23:11:47.0767 5856 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
23:11:47.0814 5856 HidUsb - ok
23:11:47.0829 5856 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:11:47.0845 5856 HpCISSs - ok
23:11:47.0892 5856 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:11:47.0938 5856 HTTP - ok
23:11:48.0048 5856 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:11:48.0110 5856 hwdatacard - ok
23:11:48.0172 5856 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys
23:11:48.0219 5856 hwusbdev - ok
23:11:48.0313 5856 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:11:48.0313 5856 i2omp - ok
23:11:48.0360 5856 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:11:48.0391 5856 i8042prt - ok
23:11:48.0438 5856 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:11:48.0453 5856 iaStorV - ok
23:11:48.0469 5856 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:11:48.0484 5856 iirsp - ok
23:11:48.0594 5856 IntcAzAudAddService (0557aaee4c86e2c333acd2baf42a7619) C:\Windows\system32\drivers\RTKVHDA.sys
23:11:48.0672 5856 IntcAzAudAddService - ok
23:11:48.0781 5856 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:11:48.0796 5856 intelide - ok
23:11:48.0843 5856 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:11:48.0890 5856 intelppm - ok
23:11:48.0952 5856 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:11:48.0999 5856 IpFilterDriver - ok
23:11:49.0015 5856 IpInIp - ok
23:11:49.0030 5856 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:11:49.0077 5856 IPMIDRV - ok
23:11:49.0108 5856 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:11:49.0155 5856 IPNAT - ok
23:11:49.0186 5856 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:11:49.0218 5856 IRENUM - ok
23:11:49.0233 5856 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:11:49.0249 5856 isapnp - ok
23:11:49.0296 5856 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:11:49.0311 5856 iScsiPrt - ok
23:11:49.0342 5856 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:11:49.0342 5856 iteatapi - ok
23:11:49.0389 5856 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:11:49.0405 5856 iteraid - ok
23:11:49.0420 5856 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:11:49.0436 5856 kbdclass - ok
23:11:49.0467 5856 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:11:49.0498 5856 kbdhid - ok
23:11:49.0545 5856 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
23:11:49.0608 5856 kbfiltr - ok
23:11:49.0639 5856 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:11:49.0670 5856 KSecDD - ok
23:11:49.0764 5856 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:11:49.0795 5856 lltdio - ok
23:11:49.0826 5856 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:11:49.0857 5856 LSI_FC - ok
23:11:49.0873 5856 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:11:49.0888 5856 LSI_SAS - ok
23:11:49.0904 5856 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:11:49.0920 5856 LSI_SCSI - ok
23:11:49.0951 5856 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:11:49.0982 5856 luafv - ok
23:11:50.0060 5856 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:11:50.0107 5856 MBAMProtector - ok
23:11:50.0138 5856 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:11:50.0154 5856 megasas - ok
23:11:50.0185 5856 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:11:50.0216 5856 MegaSR - ok
23:11:50.0247 5856 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:11:50.0294 5856 Modem - ok
23:11:50.0341 5856 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
23:11:50.0388 5856 MODEMCSA - ok
23:11:50.0481 5856 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:11:50.0528 5856 monitor - ok
23:11:50.0559 5856 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:11:50.0559 5856 mouclass - ok
23:11:50.0590 5856 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:11:50.0637 5856 mouhid - ok
23:11:50.0653 5856 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:11:50.0668 5856 MountMgr - ok
23:11:50.0715 5856 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:11:50.0731 5856 mpio - ok
23:11:50.0762 5856 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:11:50.0793 5856 mpsdrv - ok
23:11:50.0824 5856 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:11:50.0840 5856 Mraid35x - ok
23:11:50.0887 5856 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:11:50.0934 5856 MRxDAV - ok
23:11:50.0996 5856 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:11:51.0027 5856 mrxsmb - ok
23:11:51.0074 5856 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:11:51.0105 5856 mrxsmb10 - ok
23:11:51.0152 5856 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:11:51.0199 5856 mrxsmb20 - ok
23:11:51.0261 5856 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
23:11:51.0277 5856 msahci - ok
23:11:51.0308 5856 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:11:51.0324 5856 msdsm - ok
23:11:51.0402 5856 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:11:51.0433 5856 Msfs - ok
23:11:51.0526 5856 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:11:51.0542 5856 msisadrv - ok
23:11:51.0604 5856 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:11:51.0636 5856 MSKSSRV - ok
23:11:51.0698 5856 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:11:51.0745 5856 MSPCLOCK - ok
23:11:51.0776 5856 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:11:51.0838 5856 MSPQM - ok
23:11:51.0948 5856 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:11:51.0963 5856 MsRPC - ok
23:11:52.0119 5856 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:11:52.0135 5856 mssmbios - ok
23:11:52.0260 5856 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:11:52.0306 5856 MSTEE - ok
23:11:52.0369 5856 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
23:11:52.0400 5856 MTsensor - ok
23:11:52.0447 5856 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:11:52.0462 5856 Mup - ok
23:11:52.0540 5856 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:11:52.0572 5856 NativeWifiP - ok
23:11:52.0603 5856 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:11:52.0650 5856 NDIS - ok
23:11:52.0712 5856 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:11:52.0759 5856 NdisTapi - ok
23:11:52.0774 5856 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:11:52.0837 5856 Ndisuio - ok
23:11:52.0899 5856 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:11:52.0946 5856 NdisWan - ok
23:11:52.0993 5856 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:11:53.0040 5856 NDProxy - ok
23:11:53.0086 5856 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:11:53.0149 5856 NetBIOS - ok
23:11:53.0242 5856 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:11:53.0289 5856 netbt - ok
23:11:53.0352 5856 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:11:53.0367 5856 nfrd960 - ok
23:11:53.0430 5856 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:11:53.0476 5856 Npfs - ok
23:11:53.0523 5856 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:11:53.0586 5856 nsiproxy - ok
23:11:53.0710 5856 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:11:53.0788 5856 Ntfs - ok
23:11:53.0929 5856 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:11:54.0022 5856 ntrigdigi - ok
23:11:54.0163 5856 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:11:54.0210 5856 Null - ok
23:11:54.0397 5856 NVENETFD (adb84b1e6b837c45443aa25abe9e7012) C:\Windows\system32\DRIVERS\nvmfdx32.sys
23:11:54.0522 5856 NVENETFD - ok
23:11:54.0693 5856 NVHDA (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
23:11:54.0787 5856 NVHDA - ok
23:11:55.0364 5856 nvlddmkm (b5d2b15d3eba77bef9392fbefb3ddda0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:11:55.0801 5856 nvlddmkm - ok
23:11:55.0941 5856 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:11:55.0972 5856 nvraid - ok
23:11:56.0004 5856 nvsmu (736054614ab962d4ec01ef4abce115f1) C:\Windows\system32\DRIVERS\nvsmu.sys
23:11:56.0066 5856 nvsmu - ok
23:11:56.0097 5856 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:11:56.0128 5856 nvstor - ok
23:11:56.0160 5856 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:11:56.0191 5856 nv_agp - ok
23:11:56.0206 5856 NwlnkFlt - ok
23:11:56.0222 5856 NwlnkFwd - ok
23:11:56.0269 5856 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
23:11:56.0331 5856 ohci1394 - ok
23:11:56.0378 5856 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:11:56.0440 5856 Parport - ok
23:11:56.0472 5856 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:11:56.0487 5856 partmgr - ok
23:11:56.0518 5856 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:11:56.0596 5856 Parvdm - ok
23:11:56.0643 5856 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:11:56.0659 5856 pci - ok
23:11:56.0706 5856 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:11:56.0721 5856 pciide - ok
23:11:56.0737 5856 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:11:56.0752 5856 pcmcia - ok
23:11:56.0799 5856 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:11:56.0893 5856 PEAUTH - ok
23:11:57.0002 5856 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:11:57.0049 5856 PptpMiniport - ok
23:11:57.0080 5856 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:11:57.0111 5856 Processor - ok
23:11:57.0174 5856 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:11:57.0205 5856 PSched - ok
23:11:57.0236 5856 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
23:11:57.0298 5856 PxHelp20 - ok
23:11:57.0361 5856 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:11:57.0408 5856 ql2300 - ok
23:11:57.0439 5856 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:11:57.0454 5856 ql40xx - ok
23:11:57.0486 5856 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:11:57.0548 5856 QWAVEdrv - ok
23:11:57.0579 5856 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:11:57.0642 5856 RasAcd - ok
23:11:57.0673 5856 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:11:57.0735 5856 Rasl2tp - ok
23:11:57.0798 5856 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:11:57.0829 5856 RasPppoe - ok
23:11:57.0860 5856 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:11:57.0891 5856 RasSstp - ok
23:11:57.0922 5856 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:11:57.0954 5856 rdbss - ok
23:11:57.0985 5856 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:11:58.0032 5856 RDPCDD - ok
23:11:58.0063 5856 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:11:58.0094 5856 rdpdr - ok
23:11:58.0125 5856 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:11:58.0156 5856 RDPENCDD - ok
23:11:58.0203 5856 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:11:58.0234 5856 RDPWD - ok
23:11:58.0281 5856 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:11:58.0328 5856 rspndr - ok
23:11:58.0344 5856 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:11:58.0375 5856 sbp2port - ok
23:11:58.0422 5856 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
23:11:58.0468 5856 sdbus - ok
23:11:58.0500 5856 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:11:58.0562 5856 secdrv - ok
23:11:58.0718 5856 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:11:58.0780 5856 Serenum - ok
23:11:58.0952 5856 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:11:59.0030 5856 Serial - ok
23:11:59.0248 5856 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:11:59.0311 5856 sermouse - ok
23:11:59.0592 5856 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:11:59.0638 5856 sffdisk - ok
23:11:59.0716 5856 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:11:59.0779 5856 sffp_mmc - ok
23:11:59.0810 5856 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:11:59.0857 5856 sffp_sd - ok
23:11:59.0904 5856 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
23:11:59.0966 5856 sfloppy - ok
23:12:00.0184 5856 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:12:00.0216 5856 sisagp - ok
23:12:00.0247 5856 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:12:00.0278 5856 SiSRaid2 - ok
23:12:00.0294 5856 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:12:00.0325 5856 SiSRaid4 - ok
23:12:00.0387 5856 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:12:00.0434 5856 Smb - ok
23:12:00.0528 5856 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
23:12:00.0652 5856 smserial - ok
23:12:01.0027 5856 SNP2UVC (85da7b2a2f248c8c69d7d0a526342683) C:\Windows\system32\DRIVERS\snp2uvc.sys
23:12:01.0167 5856 SNP2UVC - ok
23:12:01.0292 5856 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:12:01.0323 5856 spldr - ok
23:12:01.0510 5856 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:12:01.0573 5856 srv - ok
23:12:01.0791 5856 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:12:01.0854 5856 srv2 - ok
23:12:01.0885 5856 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:12:01.0932 5856 srvnet - ok
23:12:01.0978 5856 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
23:12:01.0994 5856 ssmdrv - ok
23:12:02.0103 5856 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:12:02.0119 5856 swenum - ok
23:12:02.0228 5856 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:12:02.0259 5856 Symc8xx - ok
23:12:02.0306 5856 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:12:02.0322 5856 Sym_hi - ok
23:12:02.0368 5856 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:12:02.0384 5856 Sym_u3 - ok
23:12:02.0415 5856 SynTP (db835c324cd488a86e9bfc2c3fd29cd8) C:\Windows\system32\DRIVERS\SynTP.sys
23:12:02.0493 5856 SynTP - ok
23:12:02.0805 5856 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:12:02.0852 5856 Tcpip - ok
23:12:03.0133 5856 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:12:03.0336 5856 Tcpip6 - ok
23:12:03.0476 5856 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:12:03.0538 5856 tcpipreg - ok
23:12:03.0601 5856 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:12:03.0710 5856 TDPIPE - ok
23:12:03.0726 5856 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:12:03.0788 5856 TDTCP - ok
23:12:04.0022 5856 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:12:04.0084 5856 tdx - ok
23:12:04.0225 5856 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:12:04.0256 5856 TermDD - ok
23:12:04.0412 5856 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:12:04.0474 5856 tssecsrv - ok
23:12:04.0599 5856 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:12:04.0693 5856 tunmp - ok
23:12:04.0833 5856 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:12:04.0864 5856 tunnel - ok
23:12:04.0958 5856 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:12:04.0989 5856 uagp35 - ok
23:12:05.0020 5856 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:12:05.0067 5856 udfs - ok
23:12:05.0114 5856 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:12:05.0145 5856 uliagpkx - ok
23:12:05.0176 5856 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:12:05.0208 5856 uliahci - ok
23:12:05.0332 5856 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:12:05.0364 5856 UlSata - ok
23:12:05.0410 5856 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:12:05.0426 5856 ulsata2 - ok
23:12:05.0566 5856 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:12:05.0629 5856 umbus - ok
23:12:05.0816 5856 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
23:12:05.0863 5856 USBAAPL - ok
23:12:05.0956 5856 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:12:06.0019 5856 usbccgp - ok
23:12:06.0034 5856 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:12:06.0128 5856 usbcir - ok
23:12:06.0175 5856 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:12:06.0237 5856 usbehci - ok
23:12:06.0300 5856 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:12:06.0346 5856 usbhub - ok
23:12:06.0487 5856 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:12:06.0549 5856 usbohci - ok
23:12:06.0612 5856 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:12:06.0690 5856 usbprint - ok
23:12:06.0768 5856 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:12:06.0830 5856 usbscan - ok
23:12:06.0877 5856 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:12:06.0924 5856 USBSTOR - ok
23:12:06.0970 5856 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:12:07.0033 5856 usbuhci - ok
23:12:07.0158 5856 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:12:07.0236 5856 usbvideo - ok
23:12:07.0454 5856 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:12:07.0532 5856 vga - ok
23:12:07.0672 5856 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:12:07.0782 5856 VgaSave - ok
23:12:07.0813 5856 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:12:07.0844 5856 viaagp - ok
23:12:07.0875 5856 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:12:07.0953 5856 ViaC7 - ok
23:12:07.0969 5856 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:12:07.0984 5856 viaide - ok
23:12:08.0031 5856 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:12:08.0047 5856 volmgr - ok
23:12:08.0094 5856 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:12:08.0125 5856 volmgrx - ok
23:12:08.0172 5856 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:12:08.0218 5856 volsnap - ok
23:12:08.0250 5856 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:12:08.0281 5856 vsmraid - ok
23:12:08.0374 5856 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:12:08.0484 5856 WacomPen - ok
23:12:08.0671 5856 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:12:08.0733 5856 Wanarp - ok
23:12:08.0749 5856 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:12:08.0796 5856 Wanarpv6 - ok
23:12:09.0045 5856 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:12:09.0045 5856 Wd - ok
23:12:09.0123 5856 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:12:09.0154 5856 Wdf01000 - ok
23:12:09.0326 5856 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:12:09.0357 5856 WmiAcpi - ok
23:12:09.0420 5856 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:12:09.0451 5856 WpdUsb - ok
23:12:09.0482 5856 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:12:09.0529 5856 ws2ifsl - ok
23:12:09.0576 5856 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:12:09.0607 5856 WUDFRd - ok
23:12:09.0700 5856 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
23:12:09.0763 5856 yukonwlh - ok
23:12:09.0794 5856 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
23:12:10.0122 5856 \Device\Harddisk0\DR0 - ok
23:12:10.0122 5856 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR4
23:12:17.0937 5856 \Device\Harddisk1\DR4 - ok
23:12:17.0968 5856 Boot (0x1200) (dee3e6a168f2db2e996f2ab63c3c3854) \Device\Harddisk0\DR0\Partition0
23:12:17.0968 5856 \Device\Harddisk0\DR0\Partition0 - ok
23:12:18.0000 5856 Boot (0x1200) (5f2bfe29efbec95b639df4583a68b225) \Device\Harddisk0\DR0\Partition1
23:12:18.0000 5856 \Device\Harddisk0\DR0\Partition1 - ok
23:12:18.0015 5856 Boot (0x1200) (1a2b2a497d664150766fb17cb0d7b270) \Device\Harddisk1\DR4\Partition0
23:12:18.0015 5856 \Device\Harddisk1\DR4\Partition0 - ok
23:12:18.0015 5856 ============================================================
23:12:18.0015 5856 Scan finished
23:12:18.0015 5856 ============================================================
23:12:18.0031 5284 Detected object count: 0
23:12:18.0031 5284 Actual detected object count: 0
 |
|
| Themen zu Windows blockiert - 50€ Trojaner |
| 50€ trojaner, 50€-trojaner, abgesicherten, berlin, blockiert, desktop, direkt, erkennt, forum, frage, freundin, infizierte, internet, kaufen, laptop, lösung, modus, netzwerk, programme, scan, speicher, suche, system, trojane, trojaner, upgrade, windows, zusammen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
