| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Spyhunter 4 und Win 7 Home Security eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
10.01.2012, 20:11
| #1 |
 |  Spyhunter 4 und Win 7 Home Security eingefangen Hi, wie oben schon erwähnt, habe ich mir zu erst Win 7 Home Security 2012 eingefangen und dann aufgrund dieser Anleitung hxxp://de.pcthreat.com/parasitebyid-19091de.html zum entfernen auch Spyhunter installiert. Leider hab ich erst danach erfahren, dass Spyhunter selbst Malware ist und aufgrund dessen, wie ja auch hier beschrieben, eine Systemwiederherstellung durchgeführt. Seit dem sind auch die ganzen erstellten Datein vom Win 7 Home Security 2012 weg. Zur Sicherheit hatte ich dann nochmal Anti-Malware installiert und scannen lassen, sowie rkill.com und FixNCR ausgeführt und alle haben nichts gefunden. Auch der Windows Security Essential hat nichts ausegeben. Jetzt bin ich mir aber immernoch nicht sicher ob Win 7 Home Security 2012 komplett weg ist und ob die Systemwiederherstellung das wirklich auch gelöscht hat. Habe Windows 7 86-Bit. Und vielen Dank schonmal für euere Hilfe. OTL hat folgendes ausgegeben: |
|
11.01.2012, 18:56
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Spyhunter 4 und Win 7 Home Security eingefangenZitat:
__________________ |
|
11.01.2012, 21:47
| #3 | |
| | Spyhunter 4 und Win 7 Home Security eingefangenZitat:
Danke schonmal für deine Hilfe. Edit: So, dass hier gibt Malwarebyte aus: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.11.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Kathi :: KATHI-PC [Administrator] 11.01.2012 13:08:53 mbam-log-2012-01-11 (13-08-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 177592 Laufzeit: 5 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) Geändert von Speedx (11.01.2012 um 22:20 Uhr) |
|
12.01.2012, 14:37
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter 4 und Win 7 Home Security eingefangen Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.01.2012, 06:04
| #5 |
| | Spyhunter 4 und Win 7 Home Security eingefangen hi, also, dass ist die Ausgabe von dem ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b756fac841b38409a1b21fa82a3d49c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-13 01:13:33
# local_time=2012-01-12 08:13:33 (-0500, Eastern Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17213178 77954605 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196786
# found=1
# cleaned=0
# scan_time=7400
C:\Users\Kathi\AppData\Local\Mozilla\Firefox\Profiles\y0vv4hom.default\Cache\6\E0\6DD38d01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.12.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Kathi :: KATHI-PC [Administrator] 12.01.2012 16:10:03 mbam-log-2012-01-12 (16-10-03).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 362734 Laufzeit: 1 Stunde(n), 19 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.01.2012, 14:23
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter 4 und Win 7 Home Security eingefangen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Spyhunter 4 und Win 7 Home Security eingefangen |
|
13.01.2012, 19:33
| #7 |
| | Spyhunter 4 und Win 7 Home Security eingefangen Okay, hier ist die Ausgabe von OTL Code:
ATTFilter OTL logfile created on: 13.01.2012 10:09:42 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kathi\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,63% Memory free 5,99 Gb Paging File | 4,90 Gb Available in Paging File | 81,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,30 Gb Total Space | 47,41 Gb Free Space | 42,22% Space Free | Partition Type: NTFS Drive D: | 175,78 Gb Total Space | 89,55 Gb Free Space | 50,95% Space Free | Partition Type: NTFS Computer Name: KATHI-PC | User Name: Kathi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.10 10:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Desktop\OTL.exe PRC - [2012.01.03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2011.07.20 20:16:22 | 000,119,808 | --S- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Research KinectSDK\Service\KinectManagementService.exe PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2011.06.01 14:16:12 | 000,539,416 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2011.05.25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.05.11 14:08:44 | 008,148,992 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.exe PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011.03.21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.17 11:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 11:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.20 07:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 07:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.09.21 07:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 07:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.09.03 16:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe PRC - [2009.08.17 19:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.17 19:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.03.30 05:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2008.07.10 04:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 10:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 10:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.18 05:45:20 | 000,100,352 | ---- | M] () -- C:\Programme\HMA! Pro VPN\bin\ForceInterfaceLSP.dll MOD - [2011.06.11 07:04:43 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.03.21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.02.08 19:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.09 15:49:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.01.03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 20:16:22 | 000,119,808 | --S- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Research KinectSDK\Service\KinectManagementService.exe -- (KinectManagement) SRV - [2011.07.13 09:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.05.11 14:08:44 | 008,148,992 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5) SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2009.08.17 19:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2012.01.13 09:59:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59A48B72-EAB8-4130-9C90-D36E832B9DB1}\MpKslcc9bed04.sys -- (MpKslcc9bed04) DRV - [2011.07.20 19:24:16 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kinectcamera.sys -- (KinectCamera) DRV - [2011.07.13 09:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011.07.05 03:12:16 | 000,035,944 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rsvcdwdr.sys -- (rsvcdwdr) DRV - [2011.07.05 03:12:11 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP) DRV - [2011.07.05 03:12:11 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap) DRV - [2011.05.30 07:02:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.11.20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.08.17 20:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.03.30 05:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE F8 1B 87 F5 C5 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 143.215.131.206:3128 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.06.10 17:58:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.06.10 17:58:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 12:44:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 12:39:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.10 17:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\mozilla\Extensions [2011.12.27 04:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\mozilla\Firefox\Profiles\y0vv4hom.default\extensions [2011.06.11 07:13:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kathi\AppData\Roaming\mozilla\Firefox\Profiles\y0vv4hom.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.27 04:20:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kathi\AppData\Roaming\mozilla\Firefox\Profiles\y0vv4hom.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.11 14:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.11 12:44:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.11 12:44:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.11 12:44:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.11 12:44:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.11 12:44:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.11 12:44:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.11 12:44:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.25.115.12 142.25.115.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07B5C66B-6ED0-4F03-B1AB-F391458C2175}: DhcpNameServer = 142.25.115.12 142.25.115.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell - "" = AutoRun O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell\AutoRun\command - "" = G:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.12 18:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.11 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.01.11 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.01.11 12:10:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.10 10:48:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kathi\Desktop\OTL.exe [2012.01.09 19:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.01.09 15:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2012.01.09 12:49:53 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012.01.09 12:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.01.09 11:27:40 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes [2012.01.09 11:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.09 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.09 11:26:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.09 11:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.06 22:39:59 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4AF3A32D-D8AA-44C5-A93C-B22E763ACB38} [2012.01.06 22:39:32 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{DFDC0D6A-00A9-433E-A6E1-E169CDDF4E2D} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.13 10:07:36 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.13 10:07:36 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.13 09:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.13 09:59:26 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys [2012.01.12 21:02:54 | 000,005,230 | ---- | M] () -- C:\Users\Kathi\Desktop\malwarebytes_log.zip [2012.01.11 16:24:58 | 000,016,782 | ---- | M] () -- C:\Users\Kathi\Documents\kanada_trip.ods [2012.01.11 12:39:24 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.11 01:22:43 | 000,764,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.11 01:22:43 | 000,719,620 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.11 01:22:43 | 000,173,596 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.11 01:22:43 | 000,146,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.10 10:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Desktop\OTL.exe [2012.01.09 15:52:12 | 000,371,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.01.09 15:04:48 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 [2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 [2012.01.08 17:53:52 | 000,009,783 | ---- | M] () -- C:\Users\Kathi\Documents\kanada.odt [2012.01.02 23:35:09 | 000,011,443 | ---- | M] () -- C:\Users\Kathi\Documents\Praktikum_1.odt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.12 21:02:53 | 000,005,230 | ---- | C] () -- C:\Users\Kathi\Desktop\malwarebytes_log.zip [2012.01.11 12:39:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.11 12:39:24 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.09 02:35:43 | 000,009,230 | -HS- | C] () -- C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 [2012.01.09 02:35:43 | 000,009,230 | -HS- | C] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 [2012.01.02 23:32:19 | 000,011,443 | ---- | C] () -- C:\Users\Kathi\Documents\Praktikum_1.odt [2011.12.26 02:42:11 | 000,016,782 | ---- | C] () -- C:\Users\Kathi\Documents\kanada_trip.ods [2011.11.04 01:18:02 | 000,000,470 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.07.20 20:16:28 | 000,082,432 | --S- | C] () -- C:\Windows\System32\KinectCOMLib.dll [2011.06.30 07:22:35 | 000,000,600 | ---- | C] () -- C:\Users\Kathi\AppData\Local\PUTTY.RND [2011.06.16 20:26:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.15 03:45:04 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.11 08:07:26 | 000,000,600 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\winscp.rnd [2011.06.10 17:26:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.06.10 17:12:55 | 000,000,017 | ---- | C] () -- C:\Users\Kathi\AppData\Local\resmon.resmoncfg [2011.06.10 16:49:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 03:50:01 | 000,764,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 03:50:01 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 03:50:01 | 000,173,596 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 03:50:01 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.13 23:33:53 | 000,371,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.13 21:05:48 | 000,719,620 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.13 21:05:48 | 000,146,542 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.18 12:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012.01.13 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Dropbox [2011.08.20 14:30:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoft [2011.08.09 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.02 09:49:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\gtk-2.0 [2011.06.11 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MySQL [2011.06.11 12:59:13 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Notepad++ [2011.06.11 08:07:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenCandy [2011.06.11 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org [2011.07.26 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Opera [2011.06.11 07:34:45 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Subversion [2011.08.02 06:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Thunderbird [2012.01.04 12:45:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.11 08:03:34 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Adobe [2011.08.20 15:48:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Apple Computer [2011.06.26 19:08:13 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DivX [2012.01.13 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Dropbox [2011.08.20 14:30:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoft [2011.08.09 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.02 09:49:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\gtk-2.0 [2011.06.10 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Identities [2011.06.10 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Macromedia [2012.01.09 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes [2009.07.14 03:55:41 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Media Center Programs [2011.11.15 00:19:14 | 000,000,000 | --SD | M] -- C:\Users\Kathi\AppData\Roaming\Microsoft [2011.10.19 01:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Microsoft Corporation [2011.06.10 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Mozilla [2011.06.11 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MySQL [2011.06.11 12:59:13 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Notepad++ [2011.06.11 08:07:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenCandy [2011.06.11 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org [2011.07.26 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Opera [2011.06.11 09:26:30 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Real [2011.07.02 09:09:56 | 000,000,000 | RH-D | M] -- C:\Users\Kathi\AppData\Roaming\SecuROM [2012.01.13 10:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Skype [2012.01.13 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\skypePM [2011.06.11 07:34:45 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Subversion [2011.08.02 06:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Thunderbird [2011.06.20 03:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\TortoiseSVN [2011.12.12 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\vlc [2011.11.02 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\VMware [2011.06.13 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.05.25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.05.25 15:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.06.11 08:07:20 | 000,416,160 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\OpenCandy\OpenCandy_D73ADC0675C4498CA45F5D454080DC09\LatestDLMgr.exe [2011.06.11 08:07:26 | 000,691,472 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\OpenCandy\OpenCandy_D73ADC0675C4498CA45F5D454080DC09\RealPlayerDE_p1v2.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 00:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 00:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX4\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX5\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX6\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX7\userinit.exe < MD5 for: WININIT.EXE > [2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX4\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX5\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX6\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX7\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.07.23 04:46:07 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.07.23 04:46:07 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009.07.13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2009.07.13 20:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < End of report > |
|
13.01.2012, 19:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter 4 und Win 7 Home Security eingefangen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell - "" = AutoRun
O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell\AutoRun\command - "" = G:\iStudio.exe
[2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.01.2012, 20:31
| #9 |
| | Spyhunter 4 und Win 7 Home Security eingefangen Hab alles gemacht, wie du gesagt hast. Hier ist die Ausgabe: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
File G:\iStudio.exe not found.
File C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 not found.
File C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Kathi
->Temp folder emptied: 2014033 bytes
->Temporary Internet Files folder emptied: 201454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7215071 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1410 bytes
RecycleBin emptied: 112504 bytes
Total Files Cleaned = 9,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01132012_112548
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
13.01.2012, 23:18
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter 4 und Win 7 Home Security eingefangen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.01.2012, 23:46
| #11 |
| | Spyhunter 4 und Win 7 Home Security eingefangen Okay, hier ist der Report vom Tdsskiller: Code:
ATTFilter 14:42:07.0138 2840 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
14:42:07.0637 2840 ============================================================
14:42:07.0638 2840 Current date / time: 2012/01/13 14:42:07.0637
14:42:07.0638 2840 SystemInfo:
14:42:07.0638 2840
14:42:07.0638 2840 OS Version: 6.1.7601 ServicePack: 1.0
14:42:07.0638 2840 Product type: Workstation
14:42:07.0638 2840 ComputerName: KATHI-PC
14:42:07.0638 2840 UserName: Kathi
14:42:07.0638 2840 Windows directory: C:\Windows
14:42:07.0638 2840 System windows directory: C:\Windows
14:42:07.0638 2840 Processor architecture: Intel x86
14:42:07.0638 2840 Number of processors: 2
14:42:07.0638 2840 Page size: 0x1000
14:42:07.0638 2840 Boot type: Normal boot
14:42:07.0639 2840 ============================================================
14:42:09.0522 2840 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
14:42:09.0605 2840 Initialize success
14:43:32.0431 4336 ============================================================
14:43:32.0431 4336 Scan started
14:43:32.0431 4336 Mode: Manual; SigCheck; TDLFS;
14:43:32.0431 4336 ============================================================
14:43:33.0673 4336 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:43:33.0812 4336 1394ohci - ok
14:43:34.0126 4336 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:43:34.0165 4336 ACPI - ok
14:43:34.0290 4336 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:43:34.0399 4336 AcpiPmi - ok
14:43:34.0759 4336 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:43:34.0792 4336 adp94xx - ok
14:43:34.0967 4336 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:43:34.0995 4336 adpahci - ok
14:43:35.0032 4336 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:43:35.0062 4336 adpu320 - ok
14:43:35.0153 4336 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:43:35.0224 4336 AFD - ok
14:43:35.0295 4336 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:43:35.0324 4336 agp440 - ok
14:43:35.0377 4336 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:43:35.0405 4336 aic78xx - ok
14:43:35.0487 4336 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:43:35.0509 4336 aliide - ok
14:43:35.0572 4336 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:43:35.0600 4336 amdagp - ok
14:43:35.0636 4336 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:43:35.0670 4336 amdide - ok
14:43:35.0731 4336 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:43:35.0793 4336 AmdK8 - ok
14:43:35.0822 4336 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:43:35.0887 4336 AmdPPM - ok
14:43:35.0962 4336 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:43:35.0988 4336 amdsata - ok
14:43:36.0042 4336 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:43:36.0075 4336 amdsbs - ok
14:43:36.0101 4336 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:43:36.0127 4336 amdxata - ok
14:43:36.0186 4336 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:43:36.0329 4336 AppID - ok
14:43:36.0532 4336 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:43:36.0558 4336 arc - ok
14:43:36.0622 4336 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:43:36.0660 4336 arcsas - ok
14:43:36.0762 4336 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:43:36.0894 4336 AsyncMac - ok
14:43:36.0970 4336 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:43:37.0008 4336 atapi - ok
14:43:37.0083 4336 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
14:43:37.0167 4336 athr - ok
14:43:37.0556 4336 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
14:43:37.0820 4336 atikmdag - ok
14:43:38.0197 4336 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:43:38.0261 4336 b06bdrv - ok
14:43:38.0362 4336 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:43:38.0391 4336 b57nd60x - ok
14:43:38.0471 4336 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:43:38.0536 4336 Beep - ok
14:43:38.0600 4336 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:43:38.0663 4336 blbdrive - ok
14:43:38.0741 4336 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:43:38.0804 4336 bowser - ok
14:43:38.0832 4336 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:43:38.0888 4336 BrFiltLo - ok
14:43:38.0906 4336 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:43:38.0959 4336 BrFiltUp - ok
14:43:39.0035 4336 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:43:39.0121 4336 Brserid - ok
14:43:39.0142 4336 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:43:39.0213 4336 BrSerWdm - ok
14:43:39.0232 4336 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:43:39.0282 4336 BrUsbMdm - ok
14:43:39.0323 4336 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:43:39.0367 4336 BrUsbSer - ok
14:43:39.0426 4336 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:43:39.0475 4336 BTHMODEM - ok
14:43:39.0552 4336 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:43:39.0629 4336 cdfs - ok
14:43:39.0695 4336 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:43:39.0736 4336 cdrom - ok
14:43:39.0792 4336 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:43:39.0834 4336 circlass - ok
14:43:39.0889 4336 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:43:39.0931 4336 CLFS - ok
14:43:40.0082 4336 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:43:40.0141 4336 CmBatt - ok
14:43:40.0213 4336 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:43:40.0235 4336 cmdide - ok
14:43:40.0356 4336 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
14:43:40.0399 4336 CNG - ok
14:43:40.0459 4336 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:43:40.0481 4336 Compbatt - ok
14:43:40.0531 4336 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:43:40.0573 4336 CompositeBus - ok
14:43:40.0620 4336 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:43:40.0642 4336 crcdisk - ok
14:43:40.0799 4336 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:43:40.0881 4336 CSC - ok
14:43:40.0959 4336 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:43:41.0011 4336 DfsC - ok
14:43:41.0152 4336 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:43:41.0240 4336 discache - ok
14:43:41.0294 4336 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:43:41.0322 4336 Disk - ok
14:43:41.0419 4336 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:43:41.0474 4336 drmkaud - ok
14:43:41.0732 4336 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:43:41.0779 4336 DXGKrnl - ok
14:43:41.0917 4336 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:43:42.0074 4336 ebdrv - ok
14:43:42.0149 4336 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:43:42.0187 4336 elxstor - ok
14:43:42.0340 4336 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:43:42.0408 4336 ErrDev - ok
14:43:42.0478 4336 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:43:42.0548 4336 exfat - ok
14:43:42.0646 4336 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:43:42.0715 4336 fastfat - ok
14:43:42.0765 4336 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:43:42.0802 4336 fdc - ok
14:43:42.0853 4336 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:43:42.0884 4336 FileInfo - ok
14:43:42.0985 4336 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:43:43.0047 4336 Filetrace - ok
14:43:43.0076 4336 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:43:43.0113 4336 flpydisk - ok
14:43:43.0207 4336 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:43:43.0245 4336 FltMgr - ok
14:43:43.0348 4336 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:43:43.0374 4336 FsDepends - ok
14:43:43.0432 4336 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:43:43.0460 4336 Fs_Rec - ok
14:43:43.0529 4336 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:43:43.0577 4336 fvevol - ok
14:43:43.0640 4336 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:43:43.0669 4336 gagp30kx - ok
14:43:43.0746 4336 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:43:43.0790 4336 GEARAspiWDM - ok
14:43:43.0828 4336 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:43:43.0888 4336 hcw85cir - ok
14:43:44.0068 4336 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:43:44.0148 4336 HdAudAddService - ok
14:43:44.0200 4336 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
14:43:44.0252 4336 HDAudBus - ok
14:43:44.0321 4336 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:43:44.0404 4336 HidBatt - ok
14:43:44.0438 4336 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:43:44.0510 4336 HidBth - ok
14:43:44.0561 4336 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:43:44.0609 4336 HidIr - ok
14:43:44.0694 4336 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:43:44.0790 4336 HidUsb - ok
14:43:44.0851 4336 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:43:44.0877 4336 HpSAMD - ok
14:43:44.0953 4336 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:43:45.0038 4336 HTTP - ok
14:43:45.0149 4336 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:43:45.0170 4336 hwpolicy - ok
14:43:45.0236 4336 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:43:45.0279 4336 i8042prt - ok
14:43:45.0330 4336 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:43:45.0372 4336 iaStorV - ok
14:43:45.0450 4336 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:43:45.0477 4336 iirsp - ok
14:43:45.0613 4336 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:43:45.0635 4336 intelide - ok
14:43:45.0682 4336 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:43:45.0716 4336 intelppm - ok
14:43:45.0758 4336 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:45.0832 4336 IpFilterDriver - ok
14:43:45.0950 4336 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:43:46.0030 4336 IPMIDRV - ok
14:43:46.0140 4336 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:43:46.0244 4336 IPNAT - ok
14:43:46.0305 4336 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:43:46.0355 4336 IRENUM - ok
14:43:46.0402 4336 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:43:46.0429 4336 isapnp - ok
14:43:46.0565 4336 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:43:46.0596 4336 iScsiPrt - ok
14:43:46.0655 4336 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
14:43:46.0684 4336 kbdclass - ok
14:43:46.0737 4336 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:43:46.0805 4336 kbdhid - ok
14:43:46.0884 4336 KinectCamera (de35d785762441d60b60902329652c0e) C:\Windows\system32\Drivers\kinectcamera.sys
14:43:46.0970 4336 KinectCamera - ok
14:43:47.0115 4336 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
14:43:47.0163 4336 KSecDD - ok
14:43:47.0201 4336 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
14:43:47.0236 4336 KSecPkg - ok
14:43:47.0320 4336 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:43:47.0374 4336 lltdio - ok
14:43:47.0441 4336 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:43:47.0469 4336 LSI_FC - ok
14:43:47.0491 4336 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:43:47.0561 4336 LSI_SAS - ok
14:43:47.0603 4336 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:43:47.0628 4336 LSI_SAS2 - ok
14:43:47.0649 4336 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:43:47.0677 4336 LSI_SCSI - ok
14:43:47.0732 4336 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:43:47.0837 4336 luafv - ok
14:43:47.0878 4336 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:43:47.0902 4336 megasas - ok
14:43:47.0954 4336 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:43:47.0996 4336 MegaSR - ok
14:43:48.0043 4336 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:43:48.0150 4336 Modem - ok
14:43:48.0256 4336 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:43:48.0364 4336 monitor - ok
14:43:48.0433 4336 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:43:48.0468 4336 mouclass - ok
14:43:48.0531 4336 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:43:48.0579 4336 mouhid - ok
14:43:48.0654 4336 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:43:48.0682 4336 mountmgr - ok
14:43:48.0804 4336 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
14:43:48.0868 4336 MpFilter - ok
14:43:48.0981 4336 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:43:49.0011 4336 mpio - ok
14:43:49.0111 4336 MpKsl0ac19252 - ok
14:43:49.0173 4336 MpKsl17f321b5 - ok
14:43:49.0222 4336 MpKsl271ab0ef - ok
14:43:49.0245 4336 MpKsl8395dea6 - ok
14:43:49.0270 4336 MpKsla90fc25b - ok
14:43:49.0323 4336 MpKslbd2e964a (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DD34C6E-5E78-4DF5-AE90-4ADFDF2544FE}\MpKslbd2e964a.sys
14:43:49.0356 4336 MpKslbd2e964a - ok
14:43:49.0408 4336 MpKslc16a69d2 - ok
14:43:49.0955 4336 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:43:49.0988 4336 MpNWMon - ok
14:43:50.0348 4336 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:43:50.0433 4336 mpsdrv - ok
14:43:50.0487 4336 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:43:50.0567 4336 MRxDAV - ok
14:43:50.0638 4336 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:50.0722 4336 mrxsmb - ok
14:43:50.0885 4336 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:50.0943 4336 mrxsmb10 - ok
14:43:51.0033 4336 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:51.0099 4336 mrxsmb20 - ok
14:43:51.0203 4336 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:43:51.0228 4336 msahci - ok
14:43:51.0272 4336 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:43:51.0302 4336 msdsm - ok
14:43:51.0368 4336 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:43:51.0412 4336 Msfs - ok
14:43:51.0441 4336 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:43:51.0519 4336 mshidkmdf - ok
14:43:51.0552 4336 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:43:51.0574 4336 msisadrv - ok
14:43:51.0646 4336 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:43:51.0702 4336 MSKSSRV - ok
14:43:51.0737 4336 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:43:51.0786 4336 MSPCLOCK - ok
14:43:51.0805 4336 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:43:51.0854 4336 MSPQM - ok
14:43:51.0894 4336 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:43:51.0922 4336 MsRPC - ok
14:43:51.0956 4336 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:43:51.0986 4336 mssmbios - ok
14:43:52.0054 4336 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:43:52.0107 4336 MSTEE - ok
14:43:52.0125 4336 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:43:52.0165 4336 MTConfig - ok
14:43:52.0203 4336 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:43:52.0234 4336 Mup - ok
14:43:52.0317 4336 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:43:52.0354 4336 NativeWifiP - ok
14:43:52.0410 4336 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:43:52.0470 4336 NDIS - ok
14:43:52.0502 4336 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:43:52.0559 4336 NdisCap - ok
14:43:52.0597 4336 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:52.0652 4336 NdisTapi - ok
14:43:52.0721 4336 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:52.0765 4336 Ndisuio - ok
14:43:52.0811 4336 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:52.0856 4336 NdisWan - ok
14:43:52.0883 4336 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:43:52.0948 4336 NDProxy - ok
14:43:53.0009 4336 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:43:53.0085 4336 NetBIOS - ok
14:43:53.0126 4336 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:43:53.0209 4336 NetBT - ok
14:43:53.0383 4336 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:43:53.0407 4336 nfrd960 - ok
14:43:53.0471 4336 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:43:53.0513 4336 NisDrv - ok
14:43:53.0570 4336 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:43:53.0629 4336 Npfs - ok
14:43:53.0666 4336 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:43:53.0730 4336 nsiproxy - ok
14:43:53.0810 4336 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:43:53.0985 4336 Ntfs - ok
14:43:54.0062 4336 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:43:54.0102 4336 Null - ok
14:43:54.0147 4336 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:43:54.0175 4336 nvraid - ok
14:43:54.0212 4336 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:43:54.0241 4336 nvstor - ok
14:43:54.0293 4336 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:43:54.0325 4336 nv_agp - ok
14:43:54.0366 4336 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:43:54.0416 4336 ohci1394 - ok
14:43:54.0556 4336 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:43:54.0610 4336 Parport - ok
14:43:54.0662 4336 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:43:54.0689 4336 partmgr - ok
14:43:54.0725 4336 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:43:54.0760 4336 Parvdm - ok
14:43:54.0807 4336 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:43:54.0838 4336 pci - ok
14:43:54.0861 4336 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:43:54.0884 4336 pciide - ok
14:43:54.0916 4336 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:43:54.0949 4336 pcmcia - ok
14:43:54.0982 4336 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:43:55.0008 4336 pcw - ok
14:43:55.0050 4336 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:43:55.0121 4336 PEAUTH - ok
14:43:55.0236 4336 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:43:55.0296 4336 PptpMiniport - ok
14:43:55.0329 4336 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:43:55.0375 4336 Processor - ok
14:43:55.0440 4336 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:43:55.0503 4336 Psched - ok
14:43:55.0565 4336 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:43:55.0631 4336 ql2300 - ok
14:43:55.0659 4336 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:43:55.0691 4336 ql40xx - ok
14:43:55.0735 4336 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:43:55.0786 4336 QWAVEdrv - ok
14:43:55.0819 4336 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:43:55.0881 4336 RasAcd - ok
14:43:55.0927 4336 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:43:55.0977 4336 RasAgileVpn - ok
14:43:56.0018 4336 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:56.0066 4336 Rasl2tp - ok
14:43:56.0114 4336 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:56.0174 4336 RasPppoe - ok
14:43:56.0212 4336 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:43:56.0269 4336 RasSstp - ok
14:43:56.0315 4336 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:43:56.0381 4336 rdbss - ok
14:43:56.0410 4336 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:43:56.0440 4336 rdpbus - ok
14:43:56.0482 4336 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:56.0533 4336 RDPCDD - ok
14:43:56.0585 4336 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:43:56.0634 4336 RDPDR - ok
14:43:56.0674 4336 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:43:56.0728 4336 RDPENCDD - ok
14:43:56.0767 4336 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:43:56.0830 4336 RDPREFMP - ok
14:43:56.0886 4336 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:43:56.0946 4336 RDPWD - ok
14:43:57.0020 4336 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:43:57.0057 4336 rdyboost - ok
14:43:57.0160 4336 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
14:43:57.0216 4336 RRNetCap - ok
14:43:57.0264 4336 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
14:43:57.0292 4336 RRNetCapMP - ok
14:43:57.0329 4336 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
14:43:57.0362 4336 RsFx0103 - ok
14:43:57.0435 4336 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:43:57.0487 4336 rspndr - ok
14:43:57.0539 4336 rsvcdwdr (8cf8c5899ee66b7b1a8fb0ae131b5092) C:\Windows\system32\DRIVERS\rsvcdwdr.sys
14:43:57.0569 4336 rsvcdwdr - ok
14:43:57.0601 4336 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:43:57.0650 4336 s3cap - ok
14:43:57.0705 4336 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:43:57.0739 4336 sbp2port - ok
14:43:57.0788 4336 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:43:57.0840 4336 scfilter - ok
14:43:57.0923 4336 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:43:57.0988 4336 secdrv - ok
14:43:58.0051 4336 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:43:58.0076 4336 Serenum - ok
14:43:58.0095 4336 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:43:58.0148 4336 Serial - ok
14:43:58.0184 4336 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:43:58.0235 4336 sermouse - ok
14:43:58.0303 4336 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:43:58.0344 4336 sffdisk - ok
14:43:58.0369 4336 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:43:58.0396 4336 sffp_mmc - ok
14:43:58.0420 4336 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:43:58.0469 4336 sffp_sd - ok
14:43:58.0488 4336 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:43:58.0518 4336 sfloppy - ok
14:43:58.0560 4336 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:43:58.0590 4336 sisagp - ok
14:43:58.0633 4336 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:43:58.0657 4336 SiSRaid2 - ok
14:43:58.0686 4336 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:43:58.0716 4336 SiSRaid4 - ok
14:43:58.0774 4336 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:43:58.0825 4336 Smb - ok
14:43:58.0893 4336 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:43:58.0916 4336 spldr - ok
14:43:59.0032 4336 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:43:59.0091 4336 srv - ok
14:43:59.0123 4336 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:43:59.0170 4336 srv2 - ok
14:43:59.0214 4336 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:43:59.0251 4336 srvnet - ok
14:43:59.0315 4336 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:43:59.0340 4336 stexstor - ok
14:43:59.0395 4336 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
14:43:59.0432 4336 storflt - ok
14:43:59.0466 4336 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
14:43:59.0490 4336 storvsc - ok
14:43:59.0514 4336 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:43:59.0540 4336 swenum - ok
14:43:59.0610 4336 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
14:43:59.0689 4336 tap0901 - ok
14:43:59.0751 4336 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
14:43:59.0775 4336 tbhsd - ok
14:43:59.0857 4336 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:43:59.0928 4336 Tcpip - ok
14:44:00.0010 4336 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:00.0068 4336 TCPIP6 - ok
14:44:00.0117 4336 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:00.0171 4336 tcpipreg - ok
14:44:00.0212 4336 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:44:00.0273 4336 TDPIPE - ok
14:44:00.0294 4336 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:44:00.0344 4336 TDTCP - ok
14:44:00.0395 4336 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:44:00.0451 4336 tdx - ok
14:44:00.0501 4336 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:44:00.0532 4336 TermDD - ok
14:44:00.0599 4336 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:00.0658 4336 tssecsrv - ok
14:44:00.0708 4336 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:44:00.0767 4336 TsUsbFlt - ok
14:44:00.0828 4336 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:00.0892 4336 tunnel - ok
14:44:00.0934 4336 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:00.0968 4336 uagp35 - ok
14:44:01.0027 4336 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:44:01.0090 4336 udfs - ok
14:44:01.0159 4336 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:44:01.0190 4336 uliagpkx - ok
14:44:01.0258 4336 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:44:01.0287 4336 umbus - ok
14:44:01.0322 4336 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:44:01.0349 4336 UmPass - ok
14:44:01.0421 4336 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:44:01.0472 4336 USBAAPL - ok
14:44:01.0518 4336 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
14:44:01.0591 4336 usbaudio - ok
14:44:01.0639 4336 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:01.0698 4336 usbccgp - ok
14:44:01.0738 4336 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:44:01.0768 4336 usbcir - ok
14:44:01.0813 4336 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
14:44:01.0838 4336 usbehci - ok
14:44:01.0907 4336 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:01.0954 4336 usbhub - ok
14:44:02.0002 4336 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
14:44:02.0057 4336 usbohci - ok
14:44:02.0092 4336 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:02.0140 4336 usbprint - ok
14:44:02.0187 4336 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
14:44:02.0239 4336 USBSTOR - ok
14:44:02.0286 4336 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:44:02.0327 4336 usbuhci - ok
14:44:02.0401 4336 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
14:44:02.0446 4336 usbvideo - ok
14:44:02.0505 4336 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:44:02.0530 4336 vdrvroot - ok
14:44:02.0588 4336 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:02.0634 4336 vga - ok
14:44:02.0677 4336 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:44:02.0723 4336 VgaSave - ok
14:44:02.0758 4336 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:44:02.0788 4336 vhdmp - ok
14:44:02.0833 4336 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:44:02.0862 4336 viaagp - ok
14:44:02.0895 4336 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:44:02.0939 4336 ViaC7 - ok
14:44:02.0974 4336 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:44:02.0996 4336 viaide - ok
14:44:03.0032 4336 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
14:44:03.0073 4336 vmbus - ok
14:44:03.0101 4336 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
14:44:03.0143 4336 VMBusHID - ok
14:44:03.0171 4336 VMnetAdapter - ok
14:44:03.0203 4336 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:44:03.0236 4336 volmgr - ok
14:44:03.0269 4336 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:44:03.0301 4336 volmgrx - ok
14:44:03.0337 4336 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:44:03.0368 4336 volsnap - ok
14:44:03.0409 4336 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:03.0438 4336 vsmraid - ok
14:44:03.0474 4336 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:03.0516 4336 vwifibus - ok
14:44:03.0553 4336 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:03.0584 4336 vwififlt - ok
14:44:03.0634 4336 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
14:44:03.0662 4336 vwifimp - ok
14:44:03.0696 4336 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:44:03.0750 4336 WacomPen - ok
14:44:03.0817 4336 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:03.0865 4336 WANARP - ok
14:44:03.0879 4336 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:03.0932 4336 Wanarpv6 - ok
14:44:03.0998 4336 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:44:04.0024 4336 Wd - ok
14:44:04.0061 4336 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:44:04.0100 4336 Wdf01000 - ok
14:44:04.0204 4336 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:04.0260 4336 WfpLwf - ok
14:44:04.0290 4336 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:44:04.0312 4336 WIMMount - ok
14:44:04.0429 4336 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:44:04.0488 4336 WinUsb - ok
14:44:04.0559 4336 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:44:04.0593 4336 WmiAcpi - ok
14:44:04.0672 4336 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:04.0734 4336 ws2ifsl - ok
14:44:04.0813 4336 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:44:04.0869 4336 WudfPf - ok
14:44:04.0920 4336 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:04.0966 4336 WUDFRd - ok
14:44:05.0074 4336 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
14:44:05.0107 4336 yukonw7 - ok
14:44:05.0169 4336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:44:05.0366 4336 \Device\Harddisk0\DR0 - ok
14:44:05.0376 4336 Boot (0x1200) (667f560978a31c738f40320f2fe6a84b) \Device\Harddisk0\DR0\Partition0
14:44:05.0378 4336 \Device\Harddisk0\DR0\Partition0 - ok
14:44:05.0415 4336 Boot (0x1200) (420a934c6dc317c684b131c93b6b74f3) \Device\Harddisk0\DR0\Partition1
14:44:05.0416 4336 \Device\Harddisk0\DR0\Partition1 - ok
14:44:05.0422 4336 ============================================================
14:44:05.0422 4336 Scan finished
14:44:05.0422 4336 ============================================================
14:44:05.0444 4836 Detected object count: 0
14:44:05.0444 4836 Actual detected object count: 0
Deshalb muss ich die unhide.exe nicht ausführen oder? |
|
14.01.2012, 00:01
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter 4 und Win 7 Home Security eingefangen Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2012, 00:49
| #13 |
| | Spyhunter 4 und Win 7 Home Security eingefangen Wenn ich Combofix ausführen möchte, dann bekomme ich folgende Meldung: |
|
14.01.2012, 02:09
| #14 |
| | Spyhunter 4 und Win 7 Home Security eingefangen Hab ComboFix nochmal neu runtergeladen und dann hat es auch funktioniert. Hab dann die Fehlermeldung bekommen und Windows neu gestartet. Das hier ist die Ausgabe: Code:
ATTFilter ComboFix 12-01-13.05 - Kathi 13.01.2012 16:49:07.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2482 [GMT -5:00]
ausgeführt von:: c:\users\Kathi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kathi\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-13 bis 2012-01-13 ))))))))))))))))))))))))))))))
.
.
2012-01-13 21:56 . 2012-01-13 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 20:57 . 2012-01-13 20:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\MpKsla14f518d.sys
2012-01-13 20:56 . 2012-01-13 20:56 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\offreg.dll
2012-01-13 20:56 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\mpengine.dll
2012-01-13 16:15 . 2012-01-13 16:15 -------- d-----w- C:\_OTL
2012-01-12 23:06 . 2012-01-12 23:06 -------- d-----w- c:\program files\ESET
2012-01-11 17:44 . 2012-01-11 17:44 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 17:44 . 2012-01-11 17:44 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-11 17:44 . 2012-01-11 17:44 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-11 17:44 . 2012-01-11 17:44 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-11 17:38 . 2012-01-11 17:38 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-11 06:30 . 2012-01-11 06:30 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-11 05:42 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 00:06 . 2012-01-10 00:06 -------- d-----w- c:\program files\Common Files\Java
2012-01-09 20:50 . 2012-01-09 20:50 -------- d-----w- c:\windows\system32\Wat
2012-01-09 20:03 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-01-09 19:21 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-09 19:21 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-09 19:21 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-09 19:21 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-09 19:20 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-09 19:20 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-01-09 19:20 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-01-09 19:20 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-01-09 19:19 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-01-09 19:19 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-01-09 19:19 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2012-01-09 19:19 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-01-09 19:19 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-01-09 19:19 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-01-09 19:19 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-09 19:19 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 19:18 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-09 19:18 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-01-09 19:17 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-01-09 19:15 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2012-01-09 19:15 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2012-01-09 19:15 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-01-09 19:15 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2012-01-09 19:15 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2012-01-09 19:15 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2012-01-09 19:15 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-09 19:15 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-09 17:49 . 2012-01-09 17:50 -------- d-----w- C:\sh4ldr
2012-01-09 17:49 . 2012-01-09 17:49 -------- d-----w- c:\program files\Enigma Software Group
2012-01-09 16:27 . 2012-01-09 16:27 -------- d-----w- c:\users\Kathi\AppData\Roaming\Malwarebytes
2012-01-09 16:26 . 2012-01-09 16:26 -------- d-----w- c:\programdata\Malwarebytes
2012-01-09 16:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-09 16:26 . 2012-01-09 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-09 07:59 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-09 07:59 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-09 07:59 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-09 07:59 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-09 07:59 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-09 07:59 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-01-09 07:59 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 19:24 . 2011-06-10 22:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 17:24 . 2011-10-19 05:17 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-11-21 10:47 . 2011-06-12 16:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-10 10:54 . 2011-06-11 12:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-19 04:48 . 2011-09-15 05:42 2027744 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-01-11 17:44 . 2011-06-10 22:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 2 (0x2)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0ac19252;MpKsl0ac19252;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C286789B-B38F-4F7B-8D31-03771D4C1157}\MpKsl0ac19252.sys [x]
R1 MpKsl17f321b5;MpKsl17f321b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C87533E-F3B5-4509-8B91-E8351A88B183}\MpKsl17f321b5.sys [x]
R1 MpKsl271ab0ef;MpKsl271ab0ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19E5234B-B379-49D3-921F-D7BC2A07E3BA}\MpKsl271ab0ef.sys [x]
R1 MpKsl8395dea6;MpKsl8395dea6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19E5234B-B379-49D3-921F-D7BC2A07E3BA}\MpKsl8395dea6.sys [x]
R1 MpKsla90fc25b;MpKsla90fc25b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F6290BB-F904-4AAE-8381-1E156A791E00}\MpKsla90fc25b.sys [x]
R1 MpKslc16a69d2;MpKslc16a69d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{262E863A-46AF-4FED-99F1-958418F58C4E}\MpKslc16a69d2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 KinectCamera;Microsoft Kinect Camera Driver;c:\windows\system32\Drivers\kinectcamera.sys [2011-07-21 37248]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-07-05 31848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1343400]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 MpKsla14f518d;MpKsla14f518d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\MpKsla14f518d.sys [2012-01-13 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft Research KinectSDK\Service\KinectManagementService.exe [2011-07-21 119808]
S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-07-05 31848]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [2011-07-05 35944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66198936
*NewlyCreated* - MPKSLA14F518D
*NewlyCreated* - MPKSLBD2E964A
*Deregistered* - 66198936
*Deregistered* - MpKslbd2e964a
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = 143.215.131.206:3128
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
TCP: DhcpNameServer = 142.25.115.12 142.25.115.1
FF - ProfilePath - c:\users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\y0vv4hom.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1143421131-1780255174-1783343726-1000\Software\SecuROM\License information*]
"datasecu"=hex:33,bc,6b,e5,e7,4c,22,ed,29,00,0a,a5,f4,9b,1b,d5,35,bb,b3,11,b9,
7f,d4,50,96,f7,fc,ec,f8,19,14,79,48,94,26,ee,e6,d4,fa,ab,a9,94,7f,72,4f,cb,\
"rkeysecu"=hex:a6,fd,05,f2,8b,55,28,4b,82,ab,b1,4d,e6,7f,72,92
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1784)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2012-01-13 16:59:42
ComboFix-quarantined-files.txt 2012-01-13 21:59
.
Vor Suchlauf: 10 Verzeichnis(se), 55.983.071.232 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 55.891.742.720 Bytes frei
.
- - End Of File - - 444C88861B4E8D2E3BBA1A38A267768E
|
|
14.01.2012, 14:12
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter 4 und Win 7 Home Security eingefangen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Spyhunter 4 und Win 7 Home Security eingefangen |
| bho, bonjour, converter, defender, desktop, download, entfernen, error, firefox, helper, home, internet, internet explorer, malware, mp3, nicht sicher, programme, registry, scan, security, senden, server, sicherheit, software, updates, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
