Log analysis and evaluation: searchqu.com/406 + possibly ADWARE/Adware.Gen

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
/// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen
Quote:
__________________
Please always post logfiles in CODE tags
#17
searchqu.com/406 + possibly ADWARE/Adware.Gen

Hello Arne,

next OTL logfile:

Code:
OTL logfile created on: 30.01.2012 11:39:22 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tomousagi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 69,14% Memory free
7,75 Gb Paging File | 5,78 Gb Available in Paging File | 74,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185,45 Gb Total Space | 112,67 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive D: | 280,21 Gb Total Space | 280,12 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 4,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: TOMOUSAGI-PC | User Name: Tomousagi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.21 10:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tomousagi\Desktop\OTL.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011.07.07 13:42:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011.01.13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.10.21 12:53:56 | 001,211,216 | ---- | M] (Logitech, Inc.) 
-- C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe PRC - [2010.10.21 12:53:48 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe ========== Modules (No Company Name) ========== MOD - [2011.03.01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2011.03.01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2011.03.01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2011.03.01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2011.03.01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll MOD - [2011.01.13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll MOD - [2011.01.13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll MOD - [2009.04.22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll MOD - [2009.04.10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll MOD - [2009.03.03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009.03.03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009.03.03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009.03.03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll MOD - [2009.03.03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll MOD - [2009.03.03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files 
(x86)\Logitech\Vid HD\QtSql4.dll MOD - [2009.03.03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009.03.03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll MOD - [2009.03.03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.07.06 17:50:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011.07.07 13:42:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.07 13:42:24 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.07 13:42:24 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.04.01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C160(UVC) DRV:64bit: - [2011.04.01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.10 12:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 12:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.07.06 17:55:00 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.07.06 17:50:00 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.07.06 17:50:00 | 006,659,072 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.07.06 17:50:00 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.08.23 22:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 26 DF 90 54 BF CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\11.0.696.57\gcswf32.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\11.0.696.57\pdf.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\11.0.696.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\11.0.696.57\gears.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) 
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar" File not found O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - 
C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{195A84B3-A3E4-400A-9695-03CE0C8C11E3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk 
drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: 
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: 
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} 
- DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - 
C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.30 11:22:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.01.30 11:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012.01.28 09:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.01.26 20:33:00 | 000,000,000 | ---D | C] -- C:\Users\Tomousagi\AppData\Roaming\Malwarebytes [2012.01.26 20:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.26 20:32:56 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.01.26 20:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.26 20:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.01.21 10:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.01.21 10:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.01.21 10:34:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tomousagi\Desktop\OTL.exe [2012.01.21 08:00:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\~1 [2012.01.21 07:47:15 | 000,000,000 | ---D | C] -- C:\Users\Tomousagi\AppData\Local\Ilivid Player [2012.01.21 07:47:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0 [2012.01.21 07:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.01.01 01:27:24 | 000,000,000 | ---D | C] -- C:\Users\Tomousagi\Desktop\Tomoko 2 [2 
C:\Users\Tomousagi\Desktop\*.tmp files -> C:\Users\Tomousagi\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.30 11:41:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.30 10:01:26 | 000,022,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.30 10:01:26 | 000,022,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.30 09:59:22 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.30 09:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.30 09:53:56 | 3119,915,008 | -HS- | M] () -- C:\hiberfil.sys [2012.01.29 10:59:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.01.26 20:32:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.24 00:33:17 | 000,028,746 | ---- | M] () -- C:\Users\Tomousagi\Desktop\hanamomiji08-img186x249-1286941799harmfy19606.gif [2012.01.23 22:55:43 | 000,010,508 | ---- | M] () -- C:\Users\Tomousagi\Desktop\385553_10150431787997308_553767307_8642389_1238437363_a.jpg [2012.01.21 11:09:04 | 000,013,662 | ---- | M] () -- C:\Users\Tomousagi\Desktop\OTL.zip [2012.01.21 11:08:44 | 000,006,202 | ---- | M] () -- C:\Users\Tomousagi\Desktop\Extras.zip [2012.01.21 11:05:23 | 000,005,032 | ---- | M] () -- C:\Users\Tomousagi\Desktop\Extras.7z [2012.01.21 11:04:33 | 000,011,057 | ---- | M] () -- C:\Users\Tomousagi\Desktop\OTL.7z [2012.01.21 10:34:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tomousagi\Desktop\OTL.exe [2012.01.21 10:31:56 | 000,050,477 | ---- | M] () -- C:\Users\Tomousagi\Desktop\Defogger.exe [2012.01.21 10:29:40 | 000,000,000 | ---- | M] () -- C:\Users\Tomousagi\defogger_reenable [2012.01.21 10:27:08 | 000,050,477 | ---- | M] () -- C:\Users\Tomousagi\Desktop\Defogger (1).exe 
[2012.01.21 07:54:46 | 000,000,355 | ---- | M] () -- C:\Users\Tomousagi\Desktop\Computer - Verknüpfung.lnk [2012.01.21 07:47:15 | 000,000,117 | ---- | M] () -- C:\Users\Public\Desktop\Chat with fTalk.url [2012.01.21 07:11:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.01.20 02:25:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.20 02:25:40 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.20 02:25:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.20 02:25:40 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.20 02:25:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.09 11:15:35 | 220,618,127 | ---- | M] () -- C:\Windows\MEMORY.DMP [2 C:\Users\Tomousagi\Desktop\*.tmp files -> C:\Users\Tomousagi\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.26 20:32:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.24 00:33:59 | 000,028,746 | ---- | C] () -- C:\Users\Tomousagi\Desktop\hanamomiji08-img186x249-1286941799harmfy19606.gif [2012.01.23 22:56:09 | 000,010,508 | ---- | C] () -- C:\Users\Tomousagi\Desktop\385553_10150431787997308_553767307_8642389_1238437363_a.jpg [2012.01.21 11:09:04 | 000,013,662 | ---- | C] () -- C:\Users\Tomousagi\Desktop\OTL.zip [2012.01.21 11:08:44 | 000,006,202 | ---- | C] () -- C:\Users\Tomousagi\Desktop\Extras.zip [2012.01.21 11:05:23 | 000,005,032 | ---- | C] () -- C:\Users\Tomousagi\Desktop\Extras.7z [2012.01.21 11:04:33 | 000,011,057 | ---- | C] () -- C:\Users\Tomousagi\Desktop\OTL.7z [2012.01.21 10:32:03 | 000,050,477 | ---- | C] () -- C:\Users\Tomousagi\Desktop\Defogger.exe [2012.01.21 10:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Tomousagi\defogger_reenable [2012.01.21 10:27:15 | 000,050,477 | ---- | C] () -- C:\Users\Tomousagi\Desktop\Defogger (1).exe [2012.01.21 
07:54:46 | 000,000,355 | ---- | C] () -- C:\Users\Tomousagi\Desktop\Computer - Verknüpfung.lnk [2012.01.21 07:47:15 | 000,000,117 | ---- | C] () -- C:\Users\Public\Desktop\Chat with fTalk.url [2012.01.21 07:11:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.10.25 06:54:05 | 000,000,000 | ---- | C] () -- C:\Users\Tomousagi\AppData\Local\{8344DDF5-AF68-443E-BC0D-7AB64AE15786} [2011.07.28 07:16:35 | 000,000,000 | ---- | C] () -- C:\Users\Tomousagi\AppData\Local\{8080FB7B-C519-40EE-89B6-F4F627D0B20F} [2011.07.14 21:48:10 | 000,000,000 | ---- | C] () -- C:\Users\Tomousagi\AppData\Local\{00242188-9EAA-4C93-90E4-9A774B8EE507} [2011.06.21 17:58:44 | 000,000,000 | ---- | C] () -- C:\Users\Tomousagi\AppData\Local\{D75D9EC4-3D61-48A8-84D1-A1BE2A90B762} [2011.05.06 13:49:12 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.05 17:15:54 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.05 16:56:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.12.22 16:09:20 | 000,000,000 | ---D | M] -- 
C:\Users\Tomousagi\AppData\Roaming\Babylon [2011.07.10 09:55:13 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\elsterformular [2011.05.05 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Leadertech [2011.12.22 16:09:27 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\SumatraPDF [2011.12.28 22:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Temp [2011.12.25 20:20:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.10 10:38:13 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Adobe [2011.05.06 09:37:24 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Apple Computer [2011.05.05 20:06:25 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\ATI [2011.06.25 19:53:56 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Avira [2011.12.22 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Babylon [2011.07.10 09:55:13 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\elsterformular [2011.05.05 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Identities [2011.05.28 22:29:26 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\KODAK AiO Home Center1981186635 [2011.05.05 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Leadertech [2011.05.05 20:47:39 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Macromedia [2012.01.26 20:33:00 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Malwarebytes [2010.11.21 08:00:36 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Media Center Programs [2012.01.22 20:05:07 | 000,000,000 | --SD | M] -- C:\Users\Tomousagi\AppData\Roaming\Microsoft [2012.01.29 12:15:29 | 000,000,000 | ---D | 
M] -- C:\Users\Tomousagi\AppData\Roaming\Skype [2012.01.29 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\skypePM [2011.12.22 16:09:27 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\SumatraPDF [2011.12.28 22:22:34 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\Temp [2011.11.01 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\Tomousagi\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2011.05.05 21:42:51 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tomousagi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- 
C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 
-- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | 
---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < 
%systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2011.12.15 18:31:23 | 000,000,162 | -H-- | M] ()(C:\Users\Tomousagi\Desktop\~$11213)?...doc) -- C:\Users\Tomousagi\Desktop\~$11213)ベ...doc [2011.12.15 18:31:23 | 000,000,162 | -H-- | C] ()(C:\Users\Tomousagi\Desktop\~$11213)?...doc) -- C:\Users\Tomousagi\Desktop\~$11213)ベ...doc [2011.11.01 21:53:14 | 000,000,162 | -H-- | M] ()(C:\Users\Tomousagi\Desktop\~$??????????????????.docx) -- C:\Users\Tomousagi\Desktop\~$オプションと配送方法を選んでください.docx [2011.11.01 21:53:14 | 000,000,162 | -H-- | C] ()(C:\Users\Tomousagi\Desktop\~$??????????????????.docx) -- C:\Users\Tomousagi\Desktop\~$オプションと配送方法を選んでください.docx < End of report > Tomasi |
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 26 DF 90 54 BF CC 01 [binary data]
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
[2012.01.21 08:00:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\~1
[2012.01.21 07:47:15 | 000,000,000 | ---D | C] -- C:\Users\Tomousagi\AppData\Local\Ilivid Player
[2012.01.21 07:47:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
| | #19 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen Hello Arne, here is the log file after the fix and automatic restart: Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.
Folder C:\ProgramData\~1\ not found.
C:\Users\Tomousagi\AppData\Local\Ilivid Player folder moved successfully.
Folder C:\ProgramData\~0\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tomousagi
->Temp folder emptied: 1020191289 bytes
->Temporary Internet Files folder emptied: 1525740731 bytes
->Java cache emptied: 260570604 bytes
->Google Chrome cache emptied: 390181731 bytes
->Flash cache emptied: 22113 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105718051 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 339382862 bytes
Total Files Cleaned = 3.473,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01302012_122456
Files\Folders moved on Reboot...
C:\Users\Tomousagi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Thanks + regards, Tomasi |
| | #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.)
__________________ Please always post log files in CODE tags |
| | #21 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen I'll do that this evening, tomorrow at the latest! |
| | #22 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen Hello Arne, here is the TDSS-Killer log file: Code:
20:32:34.0276 3824 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:32:34.0442 3824 ============================================================
20:32:34.0442 3824 Current date / time: 2012/01/30 20:32:34.0442
20:32:34.0442 3824 SystemInfo:
20:32:34.0442 3824
20:32:34.0443 3824 OS Version: 6.1.7601 ServicePack: 1.0
20:32:34.0443 3824 Product type: Workstation
20:32:34.0443 3824 ComputerName: TOMOUSAGI-PC
20:32:34.0443 3824 UserName: Tomousagi
20:32:34.0443 3824 Windows directory: C:\Windows
20:32:34.0443 3824 System windows directory: C:\Windows
20:32:34.0443 3824 Running under WOW64
20:32:34.0443 3824 Processor architecture: Intel x64
20:32:34.0443 3824 Number of processors: 4
20:32:34.0443 3824 Page size: 0x1000
20:32:34.0443 3824 Boot type: Normal boot
20:32:34.0443 3824 ============================================================
20:32:35.0495 3824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
20:32:35.0529 3824 \Device\Harddisk0\DR0:
20:32:35.0530 3824 MBR used
20:32:35.0530 3824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:32:35.0530 3824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x172E5800
20:32:35.0530 3824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17318000, BlocksNum 0x2306D800
20:32:35.0595 3824 Initialize success
20:32:35.0595 3824 ============================================================
20:34:08.0071 3904 ============================================================
20:34:08.0071 3904 Scan started
20:34:08.0071 3904 Mode: Manual; SigCheck; TDLFS;
20:34:08.0071 3904 ============================================================
20:34:27.0803 3904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:34:27.0937 3904 \Device\Harddisk0\DR0 - ok
20:34:27.0944 3904 Boot (0x1200) (6c91306d7c2619ca4ee4a2d0b7e570d2) \Device\Harddisk0\DR0\Partition0
20:34:27.0946 3904 \Device\Harddisk0\DR0\Partition0 - ok
20:34:27.0981 3904 Boot (0x1200) (67e7a54e661b255925487cfd37399600) \Device\Harddisk0\DR0\Partition1
20:34:27.0982 3904 \Device\Harddisk0\DR0\Partition1 - ok
20:34:27.0998 3904 Boot (0x1200) (e5aa31c4ede570b906e709a1974073ea) \Device\Harddisk0\DR0\Partition2
20:34:27.0999 3904 \Device\Harddisk0\DR0\Partition2 - ok
20:34:27.0999 3904 ============================================================
20:34:27.0999 3904 Scan finished
20:34:27.0999 3904 ============================================================
20:34:28.0011 3104 Detected object count: 0
20:34:28.0011 3104 Actual detected object count: 0
Tomasi |
| | #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #24 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen Hello Arne, here is the ComboFix log, thanks for taking a look! Code:
ComboFix 12-01-31.01 - Tomousagi 01.02.2012 13:38:59.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3967.2788 [GMT 1:00]
ausgeführt von:: c:\users\Tomousagi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-01 bis 2012-02-01 ))))))))))))))))))))))))))))))
.
.
2012-02-01 12:42 . 2012-02-01 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 11:24 . 2012-01-30 11:24 -------- d-----w- C:\_OTL
2012-01-30 10:22 . 2012-01-30 10:22 -------- d-----w- c:\windows\system32\appmgmt
2012-01-30 10:21 . 2012-01-30 10:21 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-28 08:13 . 2012-01-28 08:13 -------- d-----w- c:\program files (x86)\ESET
2012-01-26 19:33 . 2012-01-26 19:33 -------- d-----w- c:\users\Tomousagi\AppData\Roaming\Malwarebytes
2012-01-26 19:32 . 2012-01-26 19:32 -------- d-----w- c:\programdata\Malwarebytes
2012-01-26 19:32 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 19:32 . 2012-01-26 19:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-21 09:53 . 2012-01-21 09:53 -------- d-----w- c:\program files (x86)\7-Zip
2012-01-21 06:46 . 2012-01-21 06:46 -------- d-----w- c:\programdata\boost_interprocess
2012-01-11 21:06 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 21:06 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 21:06 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 21:06 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 21:06 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 21:06 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 21:06 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 21:06 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 07:58 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 07:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 07:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 08:11 . 2011-07-12 18:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53 . 2011-12-14 12:16 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:16 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:16 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:16 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:16 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FXDrv32;FXDrv32;E:\FXDrv64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 21:08]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-05 21:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 10821224]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page =
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-01 13:47:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-01 12:47
.
Vor Suchlauf: 8 Verzeichnis(se), 124.270.587.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 123.987.787.776 Bytes frei
.
- - End Of File - - 6B23304078B6CE80E4836FA71C772F4B
Best regards, Tomasi |
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
| | #26 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen Hello Arne, aswMBR always crashes while scanning. (Regardless of whether AntiVir and the firewall are switched on or off.) It hangs every time at this point in the scan: C:\Windows\assembly\GAC_MSIL\Microsoft.Visualstudio.Tools.Applications Hmmm? Best regards, Tomasi |
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen Please try it in safe mode
__________________ Please always post log files in CODE tags |
| | #28 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen Hello Arne, it hangs in safe mode too. Again at the point mentioned above. Damn. Best regards, Tomasi |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | searchqu.com/406 + possibly ADWARE/Adware.Gen Please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
| | #30 |
| searchqu.com/406 + possibly ADWARE/Adware.Gen Hello Arne, here you go: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000001fc
Kernel Drivers (total 193):
0x03018000 \SystemRoot\system32\ntoskrnl.exe
0x03601000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00C68000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C75000 \SystemRoot\system32\PSHED.dll
0x00C89000 \SystemRoot\system32\CLFS.SYS
0x00CE7000 \SystemRoot\system32\CI.dll
0x00ECD000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F71000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F80000 \SystemRoot\system32\drivers\ACPI.sys
0x00FD7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FE0000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\drivers\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EC6000 \SystemRoot\system32\drivers\pciide.sys
0x00FEA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DA7000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DC1000 \SystemRoot\system32\drivers\atapi.sys
0x00DCA000 \SystemRoot\system32\drivers\ataport.SYS
0x00DF4000 \SystemRoot\system32\drivers\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C4C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01028000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012D6000 \SystemRoot\System32\Drivers\msrpc.sys
0x01334000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0134F000 \SystemRoot\System32\Drivers\cng.sys
0x013C1000 \SystemRoot\System32\drivers\pcw.sys
0x013D2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01462000 \SystemRoot\system32\drivers\ndis.sys
0x01555000 \SystemRoot\system32\drivers\NETIO.SYS
0x015B5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016B7000 \SystemRoot\System32\drivers\tcpip.sys
0x018BB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01905000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01915000 \SystemRoot\system32\drivers\volsnap.sys
0x01961000 \SystemRoot\System32\Drivers\spldr.sys
0x01969000 \SystemRoot\System32\drivers\rdyboost.sys
0x019A3000 \SystemRoot\System32\Drivers\mup.sys
0x019B5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019BE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\drivers\disk.sys
0x01616000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01646000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01684000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x016AE000 \SystemRoot\System32\Drivers\Null.SYS
0x019F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x015E0000 \SystemRoot\System32\drivers\vga.sys
0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01425000 \SystemRoot\System32\drivers\watchdog.sys
0x01435000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0143E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01447000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01450000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x013DC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0120D000 \SystemRoot\system32\drivers\afd.sys
0x040C6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0410B000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04116000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0411F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04145000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0415B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0416A000 \SystemRoot\system32\DRIVERS\serial.sys
0x04187000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x041A2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04051000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0405D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04068000 \SystemRoot\System32\drivers\discache.sys
0x02C73000 \SystemRoot\system32\drivers\csc.sys
0x02CF6000 \SystemRoot\System32\Drivers\dfsc.sys
0x02D14000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02D25000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02D49000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02D6F000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x02D84000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x048E5000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03EC4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03FB8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03E57000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x03E88000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03E8A000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x03E97000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04F8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03EA2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03EB3000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0502D000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05185000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05192000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x051A2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x051B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x051DC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04824000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04853000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04874000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0501B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x051E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0488E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x051F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0489D000 \SystemRoot\system32\DRIVERS\ks.sys
0x04FE5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x02DBA000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x02C00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02C5A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0643E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06685000 \SystemRoot\system32\drivers\portcls.sys
0x066C2000 \SystemRoot\system32\drivers\drmk.sys
0x066E4000 \SystemRoot\system32\drivers\ksthunk.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x066EA000 \SystemRoot\System32\drivers\Dxapi.sys
0x066F6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06704000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06710000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06719000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0672C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06749000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06757000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06770000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06779000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06786000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06794000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005C0000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x067A2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x067BD000 \SystemRoot\system32\drivers\luafv.sys
0x067E0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x06400000 \SystemRoot\system32\drivers\WudfPf.sys
0x06421000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0383B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0388E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x038A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x038B9000 \SystemRoot\system32\drivers\HTTP.sys
0x03982000 \SystemRoot\system32\DRIVERS\bowser.sys
0x039A0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x039B8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04077000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06AB7000 \SystemRoot\system32\drivers\peauth.sys
0x06B5D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06B68000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06B99000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06A00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C3B000 \SystemRoot\System32\DRIVERS\srv.sys
0x06CD3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06D04000 \??\C:\Windows\system32\drivers\mbam.sys
0x06D7F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77150000 \Windows\System32\ntdll.dll
0x48180000 \Windows\System32\smss.exe
0xFF470000 \Windows\System32\apisetschema.dll
0xFF650000 \Windows\System32\autochk.exe
0xFF450000 \Windows\System32\nsi.dll
0x77320000 \Windows\System32\normaliz.dll
0x77000000 \Windows\System32\urlmon.dll
0xFF370000 \Windows\System32\oleaut32.dll
0xFF2D0000 \Windows\System32\msvcrt.dll
0x76EA0000 \Windows\System32\wininet.dll
0x76D80000 \Windows\System32\kernel32.dll
0x77310000 \Windows\System32\psapi.dll
0xFF0C0000 \Windows\System32\ole32.dll
0xFF020000 \Windows\System32\clbcatq.dll
0xFEF10000 \Windows\System32\msctf.dll
0xFEE90000 \Windows\System32\difxapi.dll
0x76B70000 \Windows\System32\iertutil.dll
0xFEE60000 \Windows\System32\imm32.dll
0xFEDF0000 \Windows\System32\gdi32.dll
0xFEDA0000 \Windows\System32\ws2_32.dll
0xFED20000 \Windows\System32\shlwapi.dll
0xFDF90000 \Windows\System32\shell32.dll
0xFDF80000 \Windows\System32\lpk.dll
0xFDE50000 \Windows\System32\rpcrt4.dll
0xFDDF0000 \Windows\System32\Wldap32.dll
0xFDD10000 \Windows\System32\advapi32.dll
0xFDC40000 \Windows\System32\usp10.dll
0x76A70000 \Windows\System32\user32.dll
0xFDA60000 \Windows\System32\setupapi.dll
0xFD9C0000 \Windows\System32\comdlg32.dll
0xFD9A0000 \Windows\System32\imagehlp.dll
0xFD980000 \Windows\System32\sechost.dll
0xFD8E0000 \Windows\System32\comctl32.dll
0xFD870000 \Windows\System32\KernelBase.dll
0xFD700000 \Windows\System32\crypt32.dll
0xFD6C0000 \Windows\System32\cfgmgr32.dll
0xFD680000 \Windows\System32\wintrust.dll
0xFD660000 \Windows\System32\devobj.dll
0xFD650000 \Windows\System32\msasn1.dll
0x75140000 \Windows\SysWOW64\normaliz.dll
Processes (total 61):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
412 csrss.exe
476 C:\Windows\System32\wininit.exe
500 csrss.exe
532 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
624 C:\Windows\System32\winlogon.exe
712 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\atiesrxx.exe
928 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
288 C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
484 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\atieclxx.exe
1192 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\spoolsv.exe
1360 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1392 C:\Windows\System32\svchost.exe
1524 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1668 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1712 C:\Windows\System32\svchost.exe
1772 C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
1836 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1856 C:\Windows\System32\conhost.exe
1896 C:\Windows\System32\svchost.exe
2636 C:\Windows\System32\svchost.exe
2660 WUDFHost.exe
1136 C:\Windows\System32\dwm.exe
2244 C:\Windows\System32\taskhost.exe
2276 C:\Windows\explorer.exe
792 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
320 C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
988 C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
3032 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2292 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
204 C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
2732 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2300 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3088 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3240 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3516 C:\Windows\System32\SearchIndexer.exe
3700 C:\Program Files\Windows Media Player\wmpnetwk.exe
3876 C:\Windows\System32\svchost.exe
2568 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
1648 C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
2080 C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
2804 C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\chrome.exe
3012 C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\chrome.exe
1316 C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\chrome.exe
4052 C:\Windows\SysWOW64\rundll32.exe
1072 C:\Users\Tomousagi\AppData\Local\Google\Chrome\Application\chrome.exe
2528 C:\Windows\System32\audiodg.exe
3548 C:\Users\Tomousagi\Desktop\MBRCheck.exe
3572 C:\Windows\System32\conhost.exe
2736 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002e`63000000 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000AAKX-001CA0, Rev: 15.01H15
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
Tomasi |