Pests of all kinds and how to fight them: Google redirects, and is slow.. Windows 7
Google redirects, and is slow..

Hello, dear Trojaner team,

I came across you via Google, but only on the third attempt (click). That is exactly my problem: the well-known redirect virus. The symptoms are exactly the same as for another forum member: Google search results are displayed correctly, but opening the pages first leads two or three times to some advertising sites.

After some research I carried out the following steps:

1. disabled pointless or unknown add-on settings
2. removed all check marks in the LAN settings
3. removed a superfluous entry from the hosts file (hxxp://www.sicherpc.net/malware/wie-man-das-google-redirect-virus-problem-browser-entfuhrer-lost describes exactly what it should look like).

I also scanned with "Malwarebytes" and "Spy Doctor". "Malwarebytes" found nothing at all; "Spy Doctor" only showed me a few cookies (although I had deleted all of them) from harmless sites that I use often. My PC runs Win 7 (32-bit). All the other programs I used created logs, which I have attached.

The redirect problem is still there, and I believe that "Combofix" is now the only solution. You warn against simply using it on one's own, which is why I am turning to you for help.

Regards,
Xellar

Here are a few more log files:

HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:03, on 01.03.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\HiJackThis\Hijackthis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FILSHtray] "C:\Program Files\FILSHtray\FILSHtray.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 3021 bytes

(with the search suggestions from here: http://www.trojaner-board.de/109631-...tml#post770680)
-- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.02.12 16:34:03 | 000,001,037 | ---- | M] () -- C:\Users\PC\Desktop\Trillian.lnk [2012.02.12 16:34:03 | 000,001,001 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012.02.10 21:17:19 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat [2012.02.09 17:31:36 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.02.08 21:32:29 | 003,791,757 | ---- | M] () -- C:\Users\PC\Desktop\Glitch Mob - Kraddy - Steppin' Razor.mp3 [2012.02.08 21:14:13 | 000,001,011 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.08 21:13:55 | 000,000,995 | ---- | M] () -- C:\Users\PC\Desktop\Dropbox.lnk [2012.02.08 19:27:56 | 000,001,360 | ---- | M] () -- C:\Users\PC\Desktop\RivaTuner.lnk [2012.02.08 19:10:44 | 000,003,744 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\smsens.sys [2012.02.08 19:10:43 | 000,720,896 | ---- | M] (Sensaura Ltd) -- C:\Windows\System32\a3d.dll [2012.02.08 19:07:06 | 003,906,696 | ---- | M] () -- C:\Users\PC\Desktop\XATAR - INTERPOL.COM (Official Video).mp3 [2012.02.08 19:06:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.08 19:03:34 | 010,975,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTLCPL.EXE [2012.02.08 19:03:34 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE [2012.02.08 19:03:33 | 019,036,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\ALSNDMGR.CPL [2012.02.08 19:03:33 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS [2012.02.08 19:03:33 | 002,510,368 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2012.02.08 19:03:33 | 000,965,664 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\System32\RtkPgExt.dll [2012.02.08 19:03:33 | 000,154,144 | ---- | M] () -- C:\Windows\System32\RTLCPAPI.dll [2012.02.08 19:03:33 | 000,141,856 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCfg.dll [2012.02.08 19:03:33 | 000,141,016 | ---- | M] () -- C:\Windows\System32\ALSNDMGR.WAV [2012.02.08 19:03:30 | 000,223,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\Alcrmv.exe [2012.02.08 19:01:43 | 000,001,072 | ---- | M] () -- C:\Users\PC\Desktop\EVEREST Home Edition.lnk [2012.02.08 18:55:25 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.08 18:46:57 | 000,171,136 | RHS- | M] () -- C:\w7ldr [2012.02.08 18:43:24 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.08 18:41:09 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.02.08 18:39:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.02.08 18:36:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012.02.08 18:36:24 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2012.02.07 00:01:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.02.07 00:01:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.02.06 23:56:10 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK ========== Files Created - No Company Name ========== [2012.02.28 17:07:02 | 000,002,949 | ---- | C] () -- C:\Users\PC\Desktop\HiJackThis.lnk [2012.02.28 17:06:25 | 001,402,880 | ---- | C] () -- C:\Users\PC\Desktop\HiJackThis.msi [2012.02.28 16:55:18 | 000,002,292 | ---- | C] () -- C:\Users\PC\Desktop\Google Chrome.lnk [2012.02.28 16:54:09 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000UA.job [2012.02.28 16:54:08 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000Core.job [2012.02.28 16:14:00 | 000,040,448 | ---- | C] () -- 
C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.28 16:11:56 | 000,001,183 | ---- | C] () -- C:\Users\PC\Desktop\Music DVD Creator.lnk [2012.02.28 16:11:36 | 003,305,790 | ---- | C] ( ) -- C:\Users\PC\Desktop\MusicDVDCreatorSetup.exe [2012.02.27 18:56:46 | 000,002,207 | ---- | C] () -- C:\Users\PC\Desktop\Jtag Tool (Reset Glitch).lnk [2012.02.27 18:46:51 | 042,164,213 | ---- | C] () -- C:\Users\PC\Desktop\Jtag-Tool-1.00-Reset-Glitch-Package-14699.rar [2012.02.27 00:49:31 | 000,001,281 | ---- | C] () -- C:\Users\PC\Desktop\JRunner.lnk [2012.02.27 00:45:56 | 014,904,602 | ---- | C] () -- C:\Users\PC\Desktop\14719 Additional Pack.rar [2012.02.26 19:37:48 | 000,044,049 | ---- | C] () -- C:\Users\PC\Unbenannt.GIF [2012.02.25 15:59:21 | 000,011,864 | ---- | C] () -- C:\Users\PC\Desktop\NFS THE RUN.dlc [2012.02.25 14:22:24 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk [2012.02.22 18:20:58 | 000,001,983 | ---- | C] () -- C:\Users\PC\Desktop\JDownloader.lnk [2012.02.22 18:20:44 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.02.22 18:20:44 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.02.22 18:20:44 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.02.22 18:17:48 | 000,001,852 | ---- | C] () -- C:\Users\PC\Desktop\abgx360 GUI.lnk [2012.02.22 16:48:30 | 000,001,451 | ---- | C] () -- C:\Users\PC\Desktop\PowerTeacher.lnk [2012.02.19 23:41:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.19 23:15:32 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.15 19:51:08 | 003,439,836 | ---- | C] () -- C:\Users\PC\Desktop\LAD Soundsystem - Like a man (Official Video).mp3 [2012.02.14 22:34:11 | 000,002,170 | ---- | C] () -- 
C:\Users\Public\Desktop\Google Earth.lnk [2012.02.14 22:31:27 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.14 22:31:26 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.13 00:55:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.02.12 16:34:03 | 000,001,067 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk [2012.02.12 16:34:03 | 000,001,037 | ---- | C] () -- C:\Users\PC\Desktop\Trillian.lnk [2012.02.12 16:34:03 | 000,001,001 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012.02.10 21:17:19 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat [2012.02.09 17:31:36 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.02.09 17:31:36 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.02.08 21:31:07 | 003,791,757 | ---- | C] () -- C:\Users\PC\Desktop\Glitch Mob - Kraddy - Steppin' Razor.mp3 [2012.02.08 21:16:28 | 003,906,696 | ---- | C] () -- C:\Users\PC\Desktop\XATAR - INTERPOL.COM (Official Video).mp3 [2012.02.08 21:14:13 | 000,001,011 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.08 21:13:55 | 000,000,995 | ---- | C] () -- C:\Users\PC\Desktop\Dropbox.lnk [2012.02.08 19:38:25 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2012.02.08 19:27:56 | 000,001,360 | ---- | C] () -- C:\Users\PC\Desktop\RivaTuner.lnk [2012.02.08 19:01:43 | 000,001,072 | ---- | C] () -- C:\Users\PC\Desktop\EVEREST Home Edition.lnk [2012.02.08 18:55:25 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.08 18:55:25 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.08 18:49:42 | 000,001,409 | ---- | C] () -- 
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.02.08 18:46:57 | 000,171,136 | RHS- | C] () -- C:\w7ldr [2012.02.08 18:40:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.02.08 18:40:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.02.08 18:39:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.02.08 18:37:15 | 1207,017,472 | -HS- | C] () -- C:\hiberfil.sys [2012.02.08 18:36:24 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2012.02.08 18:25:00 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012.02.08 18:24:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2012.02.07 00:48:38 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved [2012.02.07 00:01:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.02.07 00:01:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\System32\abgx360.exe ========== LOP Check ========== [2012.02.26 05:31:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\abgx360 [2012.02.28 15:54:06 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox [2012.02.23 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Foxit Software [2012.02.19 23:16:24 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Nokia [2012.02.19 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PC Suite [2012.02.09 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TeamViewer [2012.02.12 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Trillian [2009.07.14 05:53:46 | 000,021,796 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.28.04
Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
PC :: PC1 [Administrator]
29.02.2012 20:48:39
mbam-log-2012-02-29 (20-48-39).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233018
Laufzeit: 21 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\PC\AppData\Local\Temp\5575.sys (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Regards, Xellar |
| | #2 |
| /// Selecta Jahrusso | Google redirects, and is slow.. My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
Please post the TDSSKiller log in your next reply.
__________________ |
| | #3 |
| Google redirects, and is slow.. TDSS LOG:
__________________Code:
ATTFilter 06:16:08.0780 1684 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
06:16:08.0857 1684 ============================================================
06:16:08.0857 1684 Current date / time: 2012/03/02 06:16:08.0857
06:16:08.0857 1684 SystemInfo:
06:16:08.0857 1684
06:16:08.0857 1684 OS Version: 6.1.7600 ServicePack: 0.0
06:16:08.0857 1684 Product type: Workstation
06:16:08.0857 1684 ComputerName: PC1
06:16:08.0858 1684 UserName: PC
06:16:08.0858 1684 Windows directory: C:\Windows
06:16:08.0858 1684 System windows directory: C:\Windows
06:16:08.0858 1684 Processor architecture: Intel x86
06:16:08.0858 1684 Number of processors: 2
06:16:08.0858 1684 Page size: 0x1000
06:16:08.0858 1684 Boot type: Normal boot
06:16:08.0858 1684 ============================================================
06:16:10.0839 1684 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:16:10.0844 1684 Drive \Device\Harddisk1\DR1 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:16:10.0846 1684 \Device\Harddisk0\DR0:
06:16:10.0846 1684 MBR used
06:16:10.0846 1684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
06:16:10.0846 1684 \Device\Harddisk1\DR1:
06:16:10.0847 1684 MBR used
06:16:10.0847 1684 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEF7FDE
06:16:10.0870 1684 Initialize success
06:16:10.0870 1684 ============================================================
06:16:19.0615 2712 ============================================================
06:16:19.0615 2712 Scan started
06:16:19.0615 2712 Mode: Manual;
06:16:19.0615 2712 ============================================================
06:16:30.0581 2712 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:16:30.0671 2712 nvlddmkm - ok
06:16:30.0749 2712 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
06:16:30.0752 2712 nvraid - ok
06:16:30.0782 2712 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
06:16:30.0787 2712 nvstor - ok
06:16:30.0826 2712 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
06:16:30.0830 2712 nv_agp - ok
06:16:30.0862 2712 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
06:16:30.0865 2712 ohci1394 - ok
06:16:30.0984 2712 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
06:16:30.0986 2712 Parport - ok
06:16:31.0012 2712 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
06:16:31.0014 2712 partmgr - ok
06:16:31.0039 2712 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
06:16:31.0041 2712 Parvdm - ok
06:16:31.0125 2712 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
06:16:31.0126 2712 pccsmcfd - ok
06:16:31.0175 2712 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
06:16:31.0180 2712 pci - ok
06:16:31.0208 2712 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
06:16:31.0210 2712 pciide - ok
06:16:31.0252 2712 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
06:16:31.0257 2712 pcmcia - ok
06:16:31.0287 2712 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
06:16:31.0288 2712 pcw - ok
06:16:31.0335 2712 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
06:16:31.0353 2712 PEAUTH - ok
06:16:31.0471 2712 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
06:16:31.0473 2712 PptpMiniport - ok
06:16:31.0509 2712 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
06:16:31.0512 2712 Processor - ok
06:16:31.0579 2712 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
06:16:31.0583 2712 Psched - ok
06:16:31.0760 2712 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
06:16:31.0802 2712 ql2300 - ok
06:16:31.0831 2712 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
06:16:31.0835 2712 ql40xx - ok
06:16:31.0867 2712 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
06:16:31.0870 2712 QWAVEdrv - ok
06:16:31.0903 2712 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
06:16:31.0905 2712 RasAcd - ok
06:16:31.0962 2712 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:16:31.0964 2712 RasAgileVpn - ok
06:16:32.0014 2712 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:16:32.0017 2712 Rasl2tp - ok
06:16:32.0062 2712 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
06:16:32.0065 2712 RasPppoe - ok
06:16:32.0096 2712 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
06:16:32.0098 2712 RasSstp - ok
06:16:32.0134 2712 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
06:16:32.0140 2712 rdbss - ok
06:16:32.0170 2712 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
06:16:32.0172 2712 rdpbus - ok
06:16:32.0200 2712 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:16:32.0203 2712 RDPCDD - ok
06:16:32.0241 2712 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
06:16:32.0247 2712 RDPDR - ok
06:16:32.0271 2712 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
06:16:32.0274 2712 RDPENCDD - ok
06:16:32.0302 2712 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
06:16:32.0305 2712 RDPREFMP - ok
06:16:32.0345 2712 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
06:16:32.0351 2712 RDPWD - ok
06:16:32.0394 2712 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
06:16:32.0399 2712 rdyboost - ok
06:16:32.0470 2712 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
06:16:32.0472 2712 RivaTuner32 - ok
06:16:32.0614 2712 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
06:16:32.0616 2712 rspndr - ok
06:16:32.0638 2712 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
06:16:32.0641 2712 s3cap - ok
06:16:32.0739 2712 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
06:16:32.0742 2712 sbp2port - ok
06:16:32.0785 2712 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
06:16:32.0787 2712 scfilter - ok
06:16:32.0848 2712 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:16:32.0850 2712 secdrv - ok
06:16:32.0922 2712 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
06:16:32.0925 2712 Serenum - ok
06:16:32.0965 2712 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
06:16:32.0969 2712 Serial - ok
06:16:32.0989 2712 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
06:16:32.0993 2712 sermouse - ok
06:16:33.0074 2712 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
06:16:33.0076 2712 sffdisk - ok
06:16:33.0099 2712 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:16:33.0102 2712 sffp_mmc - ok
06:16:33.0138 2712 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
06:16:33.0140 2712 sffp_sd - ok
06:16:33.0167 2712 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
06:16:33.0171 2712 sfloppy - ok
06:16:33.0225 2712 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
06:16:33.0229 2712 sisagp - ok
06:16:33.0251 2712 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:16:33.0254 2712 SiSRaid2 - ok
06:16:33.0290 2712 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
06:16:33.0292 2712 SiSRaid4 - ok
06:16:33.0335 2712 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
06:16:33.0338 2712 Smb - ok
06:16:33.0409 2712 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\Windows\system32\drivers\smwdm.sys
06:16:33.0434 2712 smwdm - ok
06:16:33.0567 2712 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
06:16:33.0568 2712 spldr - ok
06:16:33.0629 2712 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
06:16:33.0646 2712 srv - ok
06:16:33.0721 2712 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
06:16:33.0738 2712 srv2 - ok
06:16:33.0770 2712 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
06:16:33.0773 2712 srvnet - ok
06:16:33.0820 2712 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
06:16:33.0823 2712 stexstor - ok
06:16:33.0861 2712 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
06:16:33.0863 2712 storflt - ok
06:16:33.0886 2712 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
06:16:33.0889 2712 storvsc - ok
06:16:33.0921 2712 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
06:16:33.0922 2712 swenum - ok
06:16:34.0030 2712 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
06:16:34.0064 2712 Tcpip - ok
06:16:34.0127 2712 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
06:16:34.0139 2712 TCPIP6 - ok
06:16:34.0177 2712 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
06:16:34.0179 2712 tcpipreg - ok
06:16:34.0214 2712 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
06:16:34.0216 2712 TDPIPE - ok
06:16:34.0241 2712 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
06:16:34.0248 2712 TDTCP - ok
06:16:34.0279 2712 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
06:16:34.0282 2712 tdx - ok
06:16:34.0417 2712 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
06:16:34.0419 2712 TermDD - ok
06:16:34.0508 2712 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:16:34.0511 2712 tssecsrv - ok
06:16:34.0559 2712 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
06:16:34.0563 2712 tunnel - ok
06:16:34.0590 2712 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
06:16:34.0595 2712 uagp35 - ok
06:16:34.0633 2712 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
06:16:34.0643 2712 udfs - ok
06:16:34.0730 2712 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
06:16:34.0732 2712 uliagpkx - ok
06:16:34.0770 2712 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
06:16:34.0771 2712 umbus - ok
06:16:34.0802 2712 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
06:16:34.0803 2712 UmPass - ok
06:16:34.0858 2712 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
06:16:34.0860 2712 upperdev - ok
06:16:34.0890 2712 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
06:16:34.0895 2712 usbccgp - ok
06:16:34.0931 2712 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
06:16:34.0934 2712 usbcir - ok
06:16:34.0966 2712 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
06:16:34.0968 2712 usbehci - ok
06:16:35.0013 2712 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
06:16:35.0022 2712 usbhub - ok
06:16:35.0141 2712 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
06:16:35.0145 2712 usbohci - ok
06:16:35.0166 2712 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
06:16:35.0169 2712 usbprint - ok
06:16:35.0209 2712 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
06:16:35.0213 2712 usbscan - ok
06:16:35.0260 2712 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
06:16:35.0263 2712 usbser - ok
06:16:35.0294 2712 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
06:16:35.0296 2712 UsbserFilt - ok
06:16:35.0331 2712 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:16:35.0333 2712 USBSTOR - ok
06:16:35.0352 2712 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
06:16:35.0355 2712 usbuhci - ok
06:16:35.0401 2712 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
06:16:35.0404 2712 vdrvroot - ok
06:16:35.0434 2712 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
06:16:35.0438 2712 vga - ok
06:16:35.0464 2712 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
06:16:35.0467 2712 VgaSave - ok
06:16:35.0514 2712 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
06:16:35.0519 2712 vhdmp - ok
06:16:35.0556 2712 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
06:16:35.0559 2712 viaagp - ok
06:16:35.0587 2712 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
06:16:35.0590 2712 ViaC7 - ok
06:16:35.0616 2712 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
06:16:35.0619 2712 viaide - ok
06:16:35.0695 2712 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
06:16:35.0700 2712 vmbus - ok
06:16:35.0736 2712 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
06:16:35.0738 2712 VMBusHID - ok
06:16:35.0772 2712 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
06:16:35.0773 2712 volmgr - ok
06:16:35.0811 2712 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
06:16:35.0828 2712 volmgrx - ok
06:16:35.0868 2712 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
06:16:35.0873 2712 volsnap - ok
06:16:35.0970 2712 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
06:16:35.0974 2712 vsmraid - ok
06:16:36.0051 2712 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
06:16:36.0053 2712 vwifibus - ok
06:16:36.0081 2712 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
06:16:36.0083 2712 vwififlt - ok
06:16:36.0134 2712 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
06:16:36.0136 2712 WacomPen - ok
06:16:36.0170 2712 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
06:16:36.0172 2712 WANARP - ok
06:16:36.0184 2712 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
06:16:36.0187 2712 Wanarpv6 - ok
06:16:36.0240 2712 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
06:16:36.0244 2712 Wd - ok
06:16:36.0285 2712 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
06:16:36.0292 2712 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
06:16:36.0292 2712 Wdf01000 - detected Virus.Win32.Rloader.a (0)
06:16:36.0373 2712 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
06:16:36.0375 2712 WfpLwf - ok
06:16:36.0397 2712 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
06:16:36.0401 2712 WIMMount - ok
06:16:36.0531 2712 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
06:16:36.0534 2712 WinUsb - ok
06:16:36.0563 2712 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:16:36.0566 2712 WmiAcpi - ok
06:16:36.0639 2712 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
06:16:36.0641 2712 ws2ifsl - ok
06:16:36.0712 2712 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
06:16:36.0715 2712 WudfPf - ok
06:16:36.0766 2712 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:16:36.0771 2712 WUDFRd - ok
06:16:36.0845 2712 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
06:16:36.0852 2712 yukonw7 - ok
06:16:36.0884 2712 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:16:36.0909 2712 \Device\Harddisk0\DR0 - ok
06:16:36.0917 2712 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
06:16:36.0927 2712 \Device\Harddisk1\DR1 - ok
06:16:36.0936 2712 Boot (0x1200) (da36a1f451ea7d40fe6e6d735ab9c98d) \Device\Harddisk0\DR0\Partition0
06:16:36.0939 2712 \Device\Harddisk0\DR0\Partition0 - ok
06:16:36.0951 2712 Boot (0x1200) (d928268faa9b75b1daec3ba8ee4c5d74) \Device\Harddisk1\DR1\Partition0
06:16:36.0953 2712 \Device\Harddisk1\DR1\Partition0 - ok
06:16:36.0957 2712 ============================================================
06:16:36.0957 2712 Scan finished
06:16:36.0957 2712 ============================================================
06:16:36.0990 2500 Detected object count: 1
06:16:36.0990 2500 Actual detected object count: 1
06:16:45.0136 2500 Wdf01000 ( Virus.Win32.Rloader.a ) - skipped by user
06:16:45.0137 2500 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Skip
|
| | #4 |
| So, I have just got home from school, and now I have time. |
| | #5 | |
| /// Selecta Jahrusso | Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and select "Run as administrator".
For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart
Quote:
In your next reply, please post: TDSSKiller log, Combofix.txt
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
| | #6 |
| Thanks! Everything works as it should again! ComboFix: Code:
ComboFix 12-03-01.02 - PC 02.03.2012 16:19:30.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1535.837 [GMT 1:00]
ausgeführt von:: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ERDNT\cache\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-02 bis 2012-03-02 ))))))))))))))))))))))))))))))
.
.
2012-03-02 15:27 . 2012-03-02 15:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64AB4681-FB2D-411F-9A77-E2DEBF6B15A7}\offreg.dll
2012-03-02 15:26 . 2012-03-02 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 15:12 . 2012-03-02 15:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-01 22:15 . 2012-03-01 22:15 -------- d-----w- c:\program files\CCleaner
2012-03-01 21:38 . 2012-03-01 21:38 -------- d-----w- c:\program files\RAMBooster.Net
2012-03-01 20:29 . 2012-03-01 20:29 -------- d-----w- C:\_OTL
2012-02-28 16:29 . 2012-02-28 16:29 -------- d-----w- c:\programdata\Malwarebytes
2012-02-28 16:29 . 2012-02-28 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-28 16:29 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 16:07 . 2012-02-28 16:07 -------- d-----w- c:\program files\Trend Micro
2012-02-28 15:11 . 2012-02-28 15:11 -------- d-----w- c:\programdata\BlazeVideo
2012-02-28 15:11 . 2012-02-28 15:11 -------- d-----w- c:\program files\BlazeVideo
2012-02-27 17:56 . 2012-02-27 17:56 -------- d-----w- c:\program files\Coolshrimp
2012-02-26 23:44 . 2012-02-26 23:49 -------- d-----w- c:\program files\J-Runner
2012-02-26 15:03 . 2012-02-26 15:03 11936 ----a-w- c:\windows\system32\drivers\inpout32.sys
2012-02-25 13:22 . 2012-02-25 13:24 -------- d-----w- c:\programdata\HP
2012-02-25 13:21 . 2012-02-25 13:21 -------- d-----w- c:\program files\HP
2012-02-22 17:19 . 2012-02-28 15:24 -------- d-----w- c:\program files\JDownloader
2012-02-22 17:17 . 2012-02-22 17:17 -------- d-----w- c:\program files\abgx360
2012-02-19 22:16 . 2012-02-19 22:16 -------- d-----w- c:\programdata\PC Suite
2012-02-19 22:15 . 2012-02-19 22:15 -------- d-----w- c:\programdata\Nokia
2012-02-19 22:15 . 2012-02-19 22:15 -------- d-----w- c:\program files\Common Files\Nokia
2012-02-19 22:14 . 2012-02-19 22:14 -------- d-----w- c:\program files\DIFX
2012-02-19 22:14 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-19 22:14 . 2012-02-19 22:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-19 22:14 . 2012-02-19 22:14 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-19 22:14 . 2011-11-01 09:07 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-19 22:13 . 2012-02-19 22:15 -------- d-----w- c:\program files\Nokia
2012-02-17 09:03 . 2012-02-17 09:03 -------- d-----w- c:\program files\FileZilla FTP Client
2012-02-15 19:52 . 2012-02-17 16:41 -------- d-----w- c:\windows\system32\Adobe
2012-02-14 21:31 . 2012-02-14 21:34 -------- d-----w- c:\program files\Google
2012-02-12 15:33 . 2012-03-02 15:13 -------- d-----w- c:\program files\Trillian
2012-02-10 21:09 . 2012-02-10 21:09 -------- d-----w- c:\program files\FILSHtray
2012-02-10 21:07 . 2012-02-10 21:07 -------- d-----w- c:\program files\Microsoft.NET
2012-02-10 21:07 . 2012-03-01 19:48 -------- d-sh--w- c:\windows\Installer
2012-02-10 21:07 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-10 21:07 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-10 21:07 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-02-10 21:07 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-10 21:07 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-02-09 16:31 . 2012-02-09 16:31 -------- d-----w- c:\program files\TeamViewer
2012-02-09 16:00 . 2012-02-09 16:00 -------- d-----w- c:\program files\Foxit Software
2012-02-08 18:39 . 2012-02-08 18:39 -------- d-----w- c:\programdata\NVIDIA
2012-02-08 18:39 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-08 18:39 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-08 18:39 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-08 18:39 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-08 18:39 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2012-02-08 18:39 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-08 18:27 . 2012-02-08 18:27 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-02-08 18:07 . 2012-01-29 04:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 18:07 . 2012-01-17 03:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64AB4681-FB2D-411F-9A77-E2DEBF6B15A7}\mpengine.dll
2012-02-08 18:06 . 2012-02-29 20:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 18:06 . 2012-02-08 18:06 -------- d-----w- c:\windows\system32\Macromed
2012-02-08 18:01 . 2012-02-08 18:01 -------- d-----w- c:\program files\Lavalys
2012-02-08 17:53 . 2012-02-28 15:03 -------- d-----w- c:\windows\system32\wbem\Performance
2012-02-08 17:49 . 2012-03-01 18:33 -------- d-----w- c:\users\PC
2012-02-08 17:36 . 2012-03-01 22:16 -------- d-----w- c:\windows\Panther
2012-02-08 17:24 . 2012-02-08 17:36 -------- d-----w- C:\Boot
2012-02-07 12:29 . 2012-02-07 12:29 -------- d-----w- C:\NVIDIA
2012-02-06 22:52 . 2012-02-08 16:11 -------- d-----r- C:\Programme
2012-02-06 22:49 . 2012-02-06 23:23 -------- d-----w- C:\Dokumente und Einstellungen
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 15:13 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-02-08 18:10 . 2003-06-02 12:42 578304 ----a-w- c:\windows\system32\drivers\smwdm.sys
2012-02-08 18:10 . 2003-03-13 17:34 100224 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2012-02-08 18:10 . 2003-03-13 14:40 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2012-02-08 18:10 . 2001-09-19 12:32 720896 ----a-w- c:\windows\system32\a3d.dll
2012-02-08 18:03 . 2009-04-14 14:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
2012-02-08 18:03 . 2009-04-14 14:43 10975264 ----a-w- c:\windows\system32\RTLCPL.EXE
2012-02-08 18:03 . 2009-06-19 02:45 4172832 ----a-w- c:\windows\system32\drivers\RTKVAC.SYS
2012-02-08 18:03 . 2009-04-14 14:43 965664 ----a-w- c:\windows\system32\RtkPgExt.dll
2012-02-08 18:03 . 2009-04-14 14:43 154144 ----a-w- c:\windows\system32\RTLCPAPI.dll
2012-02-08 18:03 . 2009-04-14 14:43 141856 ----a-w- c:\windows\system32\RtkCfg.dll
2012-02-08 18:03 . 2009-04-14 14:43 2510368 ----a-w- c:\windows\system32\RtkAPO.dll
2012-02-08 18:03 . 2009-04-14 14:43 19036704 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2012-02-08 18:03 . 2009-04-14 14:42 223776 ----a-w- c:\windows\Alcrmv.exe
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\windows\system32\abgx360.exe
2012-02-18 12:17 . 2012-02-08 17:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2012-02-08 604704]
"FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2012-02-06 597504]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-19 2362720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-14 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-14 136176]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2012-02-26 11936]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-14 21:31]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-14 21:31]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 15:54]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9061zevv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-83035008.sys
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1564)
c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02 16:32:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-02 15:32
ComboFix2.txt 2012-03-01 22:07
.
Vor Suchlauf: 13 Verzeichnis(se), 30.864.420.864 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 30.639.808.512 Bytes frei
.
- - End Of File - - 2A18547F01773581780C56C68D5DD7B1
Code:
16:12:16.0246 2536 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
16:12:16.0325 2536 ============================================================
16:12:16.0325 2536 Current date / time: 2012/03/02 16:12:16.0325
16:12:16.0325 2536 SystemInfo:
16:12:16.0325 2536
16:12:16.0325 2536 OS Version: 6.1.7600 ServicePack: 0.0
16:12:16.0325 2536 Product type: Workstation
16:12:16.0326 2536 ComputerName: PC1
16:12:16.0326 2536 UserName: PC
16:12:16.0326 2536 Windows directory: C:\Windows
16:12:16.0326 2536 System windows directory: C:\Windows
16:12:16.0326 2536 Processor architecture: Intel x86
16:12:16.0326 2536 Number of processors: 2
16:12:16.0326 2536 Page size: 0x1000
16:12:16.0326 2536 Boot type: Normal boot
16:12:16.0326 2536 ============================================================
16:12:17.0564 2536 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:12:17.0570 2536 Drive \Device\Harddisk1\DR1 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:12:17.0572 2536 \Device\Harddisk0\DR0:
16:12:17.0572 2536 MBR used
16:12:17.0572 2536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
16:12:17.0572 2536 \Device\Harddisk1\DR1:
16:12:17.0573 2536 MBR used
16:12:17.0573 2536 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEF7FDE
16:12:17.0594 2536 Initialize success
16:12:17.0594 2536 ============================================================
16:12:28.0068 1520 ============================================================
16:12:28.0068 1520 Scan started
16:12:28.0068 1520 Mode: Manual;
16:12:28.0068 1520 ============================================================
16:12:28.0615 1520 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:12:28.0620 1520 1394ohci - ok
16:12:28.0672 1520 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:12:28.0680 1520 ACPI - ok
16:12:28.0715 1520 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:12:28.0717 1520 AcpiPmi - ok
16:12:28.0766 1520 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:12:28.0783 1520 adp94xx - ok
16:12:28.0832 1520 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:12:28.0848 1520 adpahci - ok
16:12:28.0897 1520 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:12:28.0902 1520 adpu320 - ok
16:12:28.0958 1520 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\Windows\system32\drivers\aeaudio.sys
16:12:28.0960 1520 aeaudio - ok
16:12:29.0024 1520 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
16:12:29.0041 1520 AFD - ok
16:12:29.0101 1520 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:12:29.0103 1520 agp440 - ok
16:12:29.0215 1520 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:12:29.0218 1520 aic78xx - ok
16:12:29.0396 1520 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
16:12:29.0524 1520 ALCXWDM - ok
16:12:29.0591 1520 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:12:29.0592 1520 aliide - ok
16:12:29.0624 1520 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:12:29.0625 1520 amdagp - ok
16:12:29.0655 1520 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:12:29.0658 1520 amdide - ok
16:12:29.0689 1520 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:12:29.0691 1520 AmdK8 - ok
16:12:29.0720 1520 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:12:29.0722 1520 AmdPPM - ok
16:12:29.0760 1520 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
16:12:29.0766 1520 amdsata - ok
16:12:29.0792 1520 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:12:29.0797 1520 amdsbs - ok
16:12:29.0822 1520 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
16:12:29.0826 1520 amdxata - ok
16:12:29.0874 1520 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:12:29.0875 1520 AppID - ok
16:12:29.0946 1520 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:12:29.0949 1520 arc - ok
16:12:30.0037 1520 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:12:30.0039 1520 arcsas - ok
16:12:30.0091 1520 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:30.0094 1520 AsyncMac - ok
16:12:30.0122 1520 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:12:30.0124 1520 atapi - ok
16:12:30.0187 1520 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:12:30.0205 1520 b06bdrv - ok
16:12:30.0249 1520 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:12:30.0254 1520 b57nd60x - ok
16:12:30.0306 1520 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:12:30.0309 1520 Beep - ok
16:12:30.0356 1520 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:12:30.0359 1520 blbdrive - ok
16:12:30.0392 1520 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
16:12:30.0399 1520 bowser - ok
16:12:30.0421 1520 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:12:30.0423 1520 BrFiltLo - ok
16:12:30.0458 1520 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:12:30.0460 1520 BrFiltUp - ok
16:12:30.0508 1520 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:12:30.0513 1520 BridgeMP - ok
16:12:30.0554 1520 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:12:30.0573 1520 Brserid - ok
16:12:30.0673 1520 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:12:30.0676 1520 BrSerWdm - ok
16:12:30.0708 1520 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:12:30.0709 1520 BrUsbMdm - ok
16:12:30.0741 1520 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:12:30.0742 1520 BrUsbSer - ok
16:12:30.0776 1520 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:12:30.0780 1520 BTHMODEM - ok
16:12:30.0990 1520 catchme - ok
16:12:31.0053 1520 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:12:31.0056 1520 cdfs - ok
16:12:31.0116 1520 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:12:31.0120 1520 cdrom - ok
16:12:31.0170 1520 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:12:31.0171 1520 circlass - ok
16:12:31.0306 1520 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:12:31.0314 1520 CLFS - ok
16:12:31.0383 1520 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:12:31.0385 1520 CmBatt - ok
16:12:31.0424 1520 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:12:31.0426 1520 cmdide - ok
16:12:31.0475 1520 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
16:12:31.0493 1520 CNG - ok
16:12:31.0520 1520 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:12:31.0522 1520 Compbatt - ok
16:12:31.0571 1520 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:12:31.0574 1520 CompositeBus - ok
16:12:31.0615 1520 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:12:31.0617 1520 crcdisk - ok
16:12:31.0681 1520 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:12:31.0697 1520 CSC - ok
16:12:31.0794 1520 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
16:12:31.0798 1520 DfsC - ok
16:12:31.0851 1520 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:12:31.0853 1520 discache - ok
16:12:31.0973 1520 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:12:31.0975 1520 Disk - ok
16:12:32.0061 1520 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:12:32.0063 1520 drmkaud - ok
16:12:32.0120 1520 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
16:12:32.0148 1520 DXGKrnl - ok
16:12:32.0284 1520 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:12:32.0380 1520 ebdrv - ok
16:12:32.0460 1520 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:12:32.0478 1520 elxstor - ok
16:12:32.0510 1520 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:12:32.0512 1520 ErrDev - ok
16:12:32.0565 1520 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:12:32.0569 1520 exfat - ok
16:12:32.0596 1520 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:12:32.0602 1520 fastfat - ok
16:12:32.0644 1520 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:12:32.0648 1520 fdc - ok
16:12:32.0689 1520 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:12:32.0692 1520 FileInfo - ok
16:12:32.0783 1520 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:12:32.0785 1520 Filetrace - ok
16:12:32.0807 1520 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:12:32.0809 1520 flpydisk - ok
16:12:32.0839 1520 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:12:32.0845 1520 FltMgr - ok
16:12:32.0896 1520 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:12:32.0899 1520 FsDepends - ok
16:12:32.0929 1520 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:12:32.0933 1520 Fs_Rec - ok
16:12:32.0981 1520 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
16:12:32.0988 1520 fvevol - ok
16:12:33.0023 1520 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:12:33.0027 1520 gagp30kx - ok
16:12:33.0103 1520 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:12:33.0106 1520 hcw85cir - ok
16:12:33.0141 1520 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:12:33.0146 1520 HDAudBus - ok
16:12:33.0188 1520 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:12:33.0189 1520 HidBatt - ok
16:12:33.0220 1520 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:12:33.0224 1520 HidBth - ok
16:12:33.0255 1520 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:12:33.0257 1520 HidIr - ok
16:12:33.0312 1520 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:12:33.0315 1520 HidUsb - ok
16:12:33.0385 1520 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:12:33.0388 1520 HpSAMD - ok
16:12:33.0515 1520 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:12:33.0538 1520 HTTP - ok
16:12:33.0566 1520 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:12:33.0570 1520 hwpolicy - ok
16:12:33.0623 1520 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:12:33.0626 1520 i8042prt - ok
16:12:33.0673 1520 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
16:12:33.0691 1520 iaStorV - ok
16:12:33.0744 1520 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:12:33.0747 1520 iirsp - ok
16:12:33.0822 1520 inpout32 (f08ebaf4493e99f4f095a4f7696287d4) C:\Windows\system32\Drivers\inpout32.sys
16:12:33.0823 1520 inpout32 - ok
16:12:33.0866 1520 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:12:33.0869 1520 intelide - ok
16:12:33.0925 1520 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:12:33.0929 1520 intelppm - ok
16:12:33.0966 1520 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:12:33.0972 1520 IpFilterDriver - ok
16:12:34.0014 1520 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:12:34.0016 1520 IPMIDRV - ok
16:12:34.0048 1520 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:12:34.0054 1520 IPNAT - ok
16:12:34.0115 1520 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:12:34.0118 1520 IRENUM - ok
16:12:34.0156 1520 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:12:34.0158 1520 isapnp - ok
16:12:34.0204 1520 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:12:34.0209 1520 iScsiPrt - ok
16:12:34.0247 1520 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:12:34.0250 1520 kbdclass - ok
16:12:34.0289 1520 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:12:34.0291 1520 kbdhid - ok
16:12:34.0396 1520 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
16:12:34.0399 1520 KSecDD - ok
16:12:34.0433 1520 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
16:12:34.0437 1520 KSecPkg - ok
16:12:34.0512 1520 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:12:34.0514 1520 lltdio - ok
16:12:34.0561 1520 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:12:34.0564 1520 LSI_FC - ok
16:12:34.0583 1520 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:12:34.0584 1520 LSI_SAS - ok
16:12:34.0619 1520 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:12:34.0622 1520 LSI_SAS2 - ok
16:12:34.0667 1520 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:12:34.0670 1520 LSI_SCSI - ok
16:12:34.0719 1520 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:12:34.0724 1520 luafv - ok
16:12:34.0764 1520 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:12:34.0767 1520 megasas - ok
16:12:34.0812 1520 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:12:34.0820 1520 MegaSR - ok
16:12:34.0865 1520 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:12:34.0867 1520 Modem - ok
16:12:34.0896 1520 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:12:34.0898 1520 monitor - ok
16:12:34.0926 1520 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:12:34.0928 1520 mouclass - ok
16:12:34.0957 1520 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:12:34.0959 1520 mouhid - ok
16:12:34.0994 1520 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:12:34.0997 1520 mountmgr - ok
16:12:35.0028 1520 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:12:35.0032 1520 mpio - ok
16:12:35.0062 1520 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:12:35.0065 1520 mpsdrv - ok
16:12:35.0170 1520 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:12:35.0174 1520 MRxDAV - ok
16:12:35.0211 1520 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:12:35.0216 1520 mrxsmb - ok
16:12:35.0255 1520 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:12:35.0263 1520 mrxsmb10 - ok
16:12:35.0295 1520 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:12:35.0299 1520 mrxsmb20 - ok
16:12:35.0323 1520 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
16:12:35.0327 1520 msahci - ok
16:12:35.0380 1520 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
16:12:35.0385 1520 msdsm - ok
16:12:35.0447 1520 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:12:35.0449 1520 Msfs - ok
16:12:35.0485 1520 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:12:35.0486 1520 mshidkmdf - ok
16:12:35.0529 1520 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
16:12:35.0531 1520 msisadrv - ok
16:12:35.0586 1520 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:12:35.0588 1520 MSKSSRV - ok
16:12:35.0630 1520 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:12:35.0631 1520 MSPCLOCK - ok
16:12:35.0660 1520 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:12:35.0663 1520 MSPQM - ok
16:12:35.0697 1520 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:12:35.0702 1520 MsRPC - ok
16:12:35.0746 1520 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
16:12:35.0748 1520 mssmbios - ok
16:12:35.0773 1520 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:12:35.0776 1520 MSTEE - ok
16:12:35.0799 1520 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:12:35.0802 1520 MTConfig - ok
16:12:35.0844 1520 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:12:35.0847 1520 Mup - ok
16:12:35.0972 1520 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:12:35.0980 1520 NativeWifiP - ok
16:12:36.0060 1520 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
16:12:36.0083 1520 NDIS - ok
16:12:36.0113 1520 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:12:36.0116 1520 NdisCap - ok
16:12:36.0153 1520 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:12:36.0156 1520 NdisTapi - ok
16:12:36.0194 1520 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
16:12:36.0196 1520 Ndisuio - ok
16:12:36.0226 1520 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
16:12:36.0230 1520 NdisWan - ok
16:12:36.0259 1520 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
16:12:36.0263 1520 NDProxy - ok
16:12:36.0285 1520 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:12:36.0288 1520 NetBIOS - ok
16:12:36.0344 1520 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
16:12:36.0350 1520 NetBT - ok
16:12:36.0485 1520 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
16:12:36.0510 1520 netr28u - ok
16:12:36.0649 1520 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:12:36.0651 1520 nfrd960 - ok
16:12:36.0709 1520 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
16:12:36.0710 1520 nmwcd - ok
16:12:36.0750 1520 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
16:12:36.0751 1520 nmwcdc - ok
16:12:36.0790 1520 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:12:36.0795 1520 Npfs - ok
16:12:36.0846 1520 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:12:36.0849 1520 nsiproxy - ok
16:12:36.0940 1520 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
16:12:36.0981 1520 Ntfs - ok
16:12:37.0027 1520 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:12:37.0028 1520 Null - ok
16:12:37.0492 1520 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:12:37.0790 1520 nvlddmkm - ok
16:12:37.0947 1520 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
16:12:37.0950 1520 nvraid - ok
16:12:37.0988 1520 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
16:12:37.0994 1520 nvstor - ok
16:12:38.0033 1520 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
16:12:38.0036 1520 nv_agp - ok
16:12:38.0077 1520 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
16:12:38.0079 1520 ohci1394 - ok
16:12:38.0131 1520 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:12:38.0135 1520 Parport - ok
16:12:38.0168 1520 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
16:12:38.0171 1520 partmgr - ok
16:12:38.0203 1520 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:12:38.0205 1520 Parvdm - ok
16:12:38.0272 1520 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
16:12:38.0273 1520 pccsmcfd - ok
16:12:38.0306 1520 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
16:12:38.0311 1520 pci - ok
16:12:38.0346 1520 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
16:12:38.0348 1520 pciide - ok
16:12:38.0383 1520 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:12:38.0388 1520 pcmcia - ok
16:12:38.0426 1520 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:12:38.0429 1520 pcw - ok
16:12:38.0477 1520 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:12:38.0501 1520 PEAUTH - ok
16:12:38.0702 1520 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:12:38.0705 1520 PptpMiniport - ok
16:12:38.0749 1520 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:12:38.0750 1520 Processor - ok
16:12:38.0818 1520 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:12:38.0821 1520 Psched - ok
16:12:38.0901 1520 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:12:38.0943 1520 ql2300 - ok
16:12:38.0970 1520 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:12:38.0975 1520 ql40xx - ok
16:12:39.0013 1520 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:12:39.0015 1520 QWAVEdrv - ok
16:12:39.0044 1520 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:12:39.0046 1520 RasAcd - ok
16:12:39.0093 1520 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:12:39.0095 1520 RasAgileVpn - ok
16:12:39.0136 1520 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:12:39.0139 1520 Rasl2tp - ok
16:12:39.0193 1520 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:12:39.0196 1520 RasPppoe - ok
16:12:39.0235 1520 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:12:39.0238 1520 RasSstp - ok
16:12:39.0274 1520 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
16:12:39.0281 1520 rdbss - ok
16:12:39.0327 1520 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:12:39.0329 1520 rdpbus - ok
16:12:39.0348 1520 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:12:39.0352 1520 RDPCDD - ok
16:12:39.0398 1520 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
16:12:39.0403 1520 RDPDR - ok
16:12:39.0504 1520 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:12:39.0507 1520 RDPENCDD - ok
16:12:39.0545 1520 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:12:39.0547 1520 RDPREFMP - ok
16:12:39.0583 1520 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
16:12:39.0588 1520 RDPWD - ok
16:12:39.0633 1520 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
16:12:39.0639 1520 rdyboost - ok
16:12:39.0693 1520 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
16:12:39.0695 1520 RivaTuner32 - ok
16:12:39.0758 1520 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:12:39.0762 1520 rspndr - ok
16:12:39.0787 1520 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
16:12:39.0789 1520 s3cap - ok
16:12:39.0853 1520 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
16:12:39.0856 1520 sbp2port - ok
16:12:39.0899 1520 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
16:12:39.0901 1520 scfilter - ok
16:12:39.0955 1520 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:12:39.0957 1520 secdrv - ok
16:12:40.0008 1520 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:12:40.0011 1520 Serenum - ok
16:12:40.0047 1520 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:12:40.0050 1520 Serial - ok
16:12:40.0080 1520 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:12:40.0083 1520 sermouse - ok
16:12:40.0156 1520 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
16:12:40.0159 1520 sffdisk - ok
16:12:40.0184 1520 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:12:40.0187 1520 sffp_mmc - ok
16:12:40.0219 1520 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:12:40.0221 1520 sffp_sd - ok
16:12:40.0250 1520 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:12:40.0252 1520 sfloppy - ok
16:12:40.0381 1520 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
16:12:40.0383 1520 sisagp - ok
16:12:40.0420 1520 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:12:40.0423 1520 SiSRaid2 - ok
16:12:40.0462 1520 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:12:40.0465 1520 SiSRaid4 - ok
16:12:40.0508 1520 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:12:40.0511 1520 Smb - ok
16:12:40.0590 1520 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\Windows\system32\drivers\smwdm.sys
16:12:40.0616 1520 smwdm - ok
16:12:40.0660 1520 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:12:40.0662 1520 spldr - ok
16:12:40.0728 1520 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
16:12:40.0744 1520 srv - ok
16:12:40.0787 1520 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
16:12:40.0805 1520 srv2 - ok
16:12:40.0843 1520 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
16:12:40.0846 1520 srvnet - ok
16:12:40.0896 1520 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:12:40.0899 1520 stexstor - ok
16:12:40.0943 1520 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:12:40.0947 1520 storflt - ok
16:12:40.0975 1520 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
16:12:40.0979 1520 storvsc - ok
16:12:41.0002 1520 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
16:12:41.0005 1520 swenum - ok
16:12:41.0188 1520 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
16:12:41.0228 1520 Tcpip - ok
16:12:41.0293 1520 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
16:12:41.0306 1520 TCPIP6 - ok
16:12:41.0358 1520 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
16:12:41.0360 1520 tcpipreg - ok
16:12:41.0420 1520 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
16:12:41.0422 1520 TDPIPE - ok
16:12:41.0470 1520 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
16:12:41.0472 1520 TDTCP - ok
16:12:41.0510 1520 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
16:12:41.0513 1520 tdx - ok
16:12:41.0557 1520 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
16:12:41.0561 1520 TermDD - ok
16:12:41.0631 1520 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:12:41.0634 1520 tssecsrv - ok
16:12:41.0681 1520 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
16:12:41.0685 1520 tunnel - ok
16:12:41.0721 1520 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:12:41.0725 1520 uagp35 - ok
16:12:41.0764 1520 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
16:12:41.0783 1520 udfs - ok
16:12:41.0869 1520 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:12:41.0872 1520 uliagpkx - ok
16:12:41.0909 1520 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
16:12:41.0912 1520 umbus - ok
16:12:42.0016 1520 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:12:42.0017 1520 UmPass - ok
16:12:42.0080 1520 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
16:12:42.0082 1520 upperdev - ok
16:12:42.0113 1520 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
16:12:42.0116 1520 usbccgp - ok
16:12:42.0154 1520 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:12:42.0157 1520 usbcir - ok
16:12:42.0180 1520 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
16:12:42.0183 1520 usbehci - ok
16:12:42.0236 1520 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
16:12:42.0246 1520 usbhub - ok
16:12:42.0281 1520 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
16:12:42.0282 1520 usbohci - ok
16:12:42.0311 1520 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:12:42.0314 1520 usbprint - ok
16:12:42.0366 1520 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:12:42.0368 1520 usbscan - ok
16:12:42.0416 1520 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
16:12:42.0417 1520 usbser - ok
16:12:42.0451 1520 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
16:12:42.0454 1520 UsbserFilt - ok
16:12:42.0503 1520 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:12:42.0505 1520 USBSTOR - ok
16:12:42.0531 1520 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
16:12:42.0534 1520 usbuhci - ok
16:12:42.0590 1520 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:12:42.0593 1520 vdrvroot - ok
16:12:42.0628 1520 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:12:42.0630 1520 vga - ok
16:12:42.0662 1520 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:12:42.0666 1520 VgaSave - ok
16:12:42.0704 1520 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:12:42.0711 1520 vhdmp - ok
16:12:42.0829 1520 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:12:42.0832 1520 viaagp - ok
16:12:42.0861 1520 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:12:42.0864 1520 ViaC7 - ok
16:12:42.0888 1520 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:12:42.0890 1520 viaide - ok
16:12:42.0927 1520 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
16:12:42.0932 1520 vmbus - ok
16:12:42.0975 1520 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:12:42.0977 1520 VMBusHID - ok
16:12:43.0003 1520 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:12:43.0007 1520 volmgr - ok
16:12:43.0049 1520 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:12:43.0058 1520 volmgrx - ok
16:12:43.0098 1520 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:12:43.0105 1520 volsnap - ok
16:12:43.0143 1520 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:12:43.0147 1520 vsmraid - ok
16:12:43.0191 1520 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:12:43.0193 1520 vwifibus - ok
16:12:43.0234 1520 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:12:43.0237 1520 vwififlt - ok
16:12:43.0291 1520 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:12:43.0292 1520 WacomPen - ok
16:12:43.0327 1520 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:43.0329 1520 WANARP - ok
16:12:43.0342 1520 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:43.0345 1520 Wanarpv6 - ok
16:12:43.0414 1520 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:12:43.0416 1520 Wd - ok
16:12:43.0463 1520 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
16:12:43.0480 1520 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
16:12:43.0485 1520 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
16:12:43.0485 1520 Wdf01000 - detected Virus.Win32.Rloader.a (0)
16:12:43.0645 1520 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:12:43.0648 1520 WfpLwf - ok
16:12:43.0677 1520 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:12:43.0680 1520 WIMMount - ok
16:12:43.0812 1520 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
16:12:43.0814 1520 WinUsb - ok
16:12:43.0861 1520 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:12:43.0863 1520 WmiAcpi - ok
16:12:43.0928 1520 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:12:43.0931 1520 ws2ifsl - ok
16:12:44.0001 1520 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:12:44.0004 1520 WudfPf - ok
16:12:44.0047 1520 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:12:44.0052 1520 WUDFRd - ok
16:12:44.0125 1520 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
16:12:44.0133 1520 yukonw7 - ok
16:12:44.0174 1520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:12:44.0207 1520 \Device\Harddisk0\DR0 - ok
16:12:44.0218 1520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
16:12:44.0232 1520 \Device\Harddisk1\DR1 - ok
16:12:44.0251 1520 Boot (0x1200) (da36a1f451ea7d40fe6e6d735ab9c98d) \Device\Harddisk0\DR0\Partition0
16:12:44.0254 1520 \Device\Harddisk0\DR0\Partition0 - ok
16:12:44.0284 1520 Boot (0x1200) (d928268faa9b75b1daec3ba8ee4c5d74) \Device\Harddisk1\DR1\Partition0
16:12:44.0285 1520 \Device\Harddisk1\DR1\Partition0 - ok
16:12:44.0287 1520 ============================================================
16:12:44.0287 1520 Scan finished
16:12:44.0287 1520 ============================================================
16:12:44.0332 3580 Detected object count: 1
16:12:44.0332 3580 Actual detected object count: 1
16:12:49.0826 3580 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
16:12:50.0395 3580 Backup copy not found, trying to cure infected file..
16:12:50.0400 3580 Cure success, using it..
16:12:50.0444 3580 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
16:12:50.0445 3580 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
16:12:59.0158 3676 Deinitialize success
|
| | #7 |
| /// Selecta Jahrusso | Google redirects, and is slow.. Please update Malwarebytes and run a Quick Scan. Have all findings deleted and post the log here. ESET Online Scanner
In your next reply, please post: MBAM log, ESET log
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
| | #8 |
| Google redirects, and is slow.. Good morning! Here are the logs. MBAM: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.28.04
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
PC :: PC1 [Administrator]
03.03.2012 12:28:37
mbam-log-2012-03-03 (12-28-37).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 168401
Laufzeit: 4 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
ESET Code:
ATTFilter C:\TDSSKiller_Quarantine\02.03.2012_16.12.16\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
|
| | #9 |
| /// Selecta Jahrusso | Google redirects, and is slow.. Any remaining problems? Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post OTL.txt and Extras.txt here in your thread. In your next reply, please post: OTL.txt, Extras.txt
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
| | #10 |
| Google redirects, and is slow.. Nope, the PC is running perfectly again. Extras Code:
ATTFilter OTL Extras logfile created on: 03.03.2012 14:39:41 - Run 3
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\PC\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 32,45% Memory free
3,00 Gb Paging File | 1,21 Gb Available in Paging File | 40,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 27,55 Gb Free Space | 36,97% Space Free | Partition Type: NTFS
Computer Name: PC1 | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C6712CA8-630B-4E95-BEBB-24FAAFDBA522}_is1" = RAMBooster.Net version 3.1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5513-1208-7298-9440" = JDownloader 0.9
"abgx360" = abgx360 v1.0.6
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"DVDCreator.exe_is1" = Music DVD Creator 2.0
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader 5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Nokia Suite" = Nokia Suite
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"TeamViewer 7" = TeamViewer 7
"Trillian" = Trillian
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Jtag Tool (Reset Glitch)" = Jtag Tool (Reset Glitch)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.03.2012 01:14:29 | Computer Name = PC1 | Source = ESENT | ID = 455
Description = Windows (2812) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00051.log.
Error - 02.03.2012 01:14:29 | Computer Name = PC1 | Source = Windows Search Service | ID = 9000
Description =
Error - 02.03.2012 01:14:29 | Computer Name = PC1 | Source = Windows Search Service | ID = 7040
Description =
Error - 02.03.2012 01:14:29 | Computer Name = PC1 | Source = Windows Search Service | ID = 7042
Description =
Error - 02.03.2012 01:14:30 | Computer Name = PC1 | Source = Windows Search Service | ID = 9002
Description =
Error - 02.03.2012 01:14:30 | Computer Name = PC1 | Source = Windows Search Service | ID = 3029
Description =
Error - 02.03.2012 01:14:30 | Computer Name = PC1 | Source = Windows Search Service | ID = 3029
Description =
Error - 02.03.2012 01:14:30 | Computer Name = PC1 | Source = Windows Search Service | ID = 3028
Description =
Error - 02.03.2012 01:14:30 | Computer Name = PC1 | Source = Windows Search Service | ID = 3058
Description =
Error - 02.03.2012 01:14:30 | Computer Name = PC1 | Source = Windows Search Service | ID = 7010
Description =
[ System Events ]
Error - 02.03.2012 10:30:56 | Computer Name = PC1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 02.03.2012 11:13:37 | Computer Name = PC1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 02.03.2012 11:19:16 | Computer Name = PC1 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 02.03.2012 11:23:29 | Computer Name = PC1 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 02.03.2012 11:27:51 | Computer Name = PC1 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?03.?2012 um 16:26:37 unerwartet heruntergefahren.
Error - 02.03.2012 11:27:43 | Computer Name = PC1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 02.03.2012 13:03:06 | Computer Name = PC1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 03.03.2012 05:31:07 | Computer Name = PC1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 03.03.2012 07:26:43 | Computer Name = PC1 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?03.?2012 um 10:36:07 unerwartet heruntergefahren.
Error - 03.03.2012 07:26:36 | Computer Name = PC1 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
< End of report >
Normal log Code:
ATTFilter OTL logfile created on: 03.03.2012 14:39:41 - Run 3 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\PC\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 32,45% Memory free 3,00 Gb Paging File | 1,21 Gb Available in Paging File | 40,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 27,55 Gb Free Space | 36,97% Space Free | Partition Type: NTFS Computer Name: PC1 | User Name: PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\PC\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll () MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QxtCore.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll 
() MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll () MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll () MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\Program Files\Trillian\libspeex.dll () MOD - C:\Program Files\Trillian\libpng15.dll () MOD - C:\Program Files\Trillian\libungif.dll () MOD - C:\Program Files\Trillian\zlib1.dll () MOD - c:\users\pc\appdata\roaming\trillian\languages\de\buddy.dll () MOD - c:\users\pc\appdata\roaming\trillian\languages\de\events.dll () MOD - c:\users\pc\appdata\roaming\trillian\languages\de\talk.dll () MOD - c:\users\pc\appdata\roaming\trillian\languages\de\trillian.dll () MOD - c:\users\pc\appdata\roaming\trillian\languages\de\toolkit.dll () ========== Win32 Services (SafeList) ========== SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk]) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.) 
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) 
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 6B 33 B2 C6 F2 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google Deutschland" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.07 13:38:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.19 23:15:30 | 000,000,000 | ---D | M] [2012.02.08 18:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions [2012.02.23 16:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\9061zevv.default\extensions [2012.02.12 15:52:34 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\9061zevv.default\extensions\de_DE@dicts.j3e.de [2012.03.02 16:50:39 | 000,002,400 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9061zevv.default\searchplugins\google-deutschland.xml [2012.02.08 18:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9061ZEVV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- 
C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9061ZEVV.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI [2012.02.18 13:17:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.03.02 16:28:07 | 000,000,027 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH) O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{556A1582-8442-4FF5-9B45-83D6F2EB182F}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 
- HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.03 12:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.03 12:28:50 | 002,322,184 | ---- | C] (ESET) -- C:\Users\PC\Desktop\esetsmartinstaller_enu.exe [2012.03.02 16:32:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.03.02 16:28:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.03.02 16:12:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.03.02 16:12:10 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\PC\Desktop\TDSSKiller.exe [2012.03.01 23:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.01 23:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.01 23:07:31 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\temp [2012.03.01 22:48:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.01 22:48:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.01 22:48:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.01 22:48:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.03.01 22:47:54 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.01 22:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMBooster.Net [2012.03.01 22:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\RAMBooster.Net [2012.03.01 21:29:41 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.01 21:26:34 | 004,424,671 | R--- | C] (Swearware) -- C:\Users\PC\Desktop\ComboFix.exe [2012.03.01 21:02:49 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe [2012.03.01 19:32:58 | 
000,000,000 | ---D | C] -- C:\Users\PC\Assassins Creed 3 Pics [2012.02.29 20:30:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.02.28 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Malwarebytes [2012.02.28 17:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.28 17:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.28 17:29:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.28 17:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.28 17:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.02.28 17:07:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.02.28 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.02.28 16:12:00 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\BlazeVideo [2012.02.28 16:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music DVD Creator [2012.02.28 16:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BlazeVideo [2012.02.28 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\BlazeVideo [2012.02.27 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jtag Tool [2012.02.27 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Coolshrimp [2012.02.27 00:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\J-Runner [2012.02.26 16:03:30 | 000,011,936 | ---- | C] (Highresolution Enterprises [www.highrez.co.uk]) -- C:\Windows\System32\drivers\inpout32.sys [2012.02.26 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\PC\AutoGG 0.2.9g [2012.02.25 14:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.02.25 14:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\HP [2012.02.25 14:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.02.25 14:21:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\HP [2012.02.25 11:40:06 | 000,000,000 | R--D | C] -- C:\Users\PC\XBOX 360 [2012.02.24 16:43:21 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\abgx360 [2012.02.22 18:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2012.02.22 18:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abgx360 [2012.02.22 18:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\abgx360 [2012.02.22 16:48:30 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\admigro [2012.02.22 16:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\admigro [2012.02.22 16:47:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\admigro [2012.02.20 20:46:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Foxit Software [2012.02.20 17:43:48 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Neuer Ordner [2012.02.20 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\Nokia Suite [2012.02.19 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\NokiaAccount [2012.02.19 23:16:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Nokia [2012.02.19 23:16:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Nokia [2012.02.19 23:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012.02.19 23:16:19 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\PC Suite [2012.02.19 23:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.02.19 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012.02.19 23:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012.02.19 23:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.02.19 23:14:40 | 000,018,816 | ---- | C] (Nokia) -- 
C:\Windows\System32\drivers\pccsmcfd.sys [2012.02.19 23:14:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2012.02.19 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012.02.19 23:14:10 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2012.02.19 23:14:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\WinRAR [2012.02.19 23:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.02.19 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.02.19 23:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.02.19 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012.02.19 23:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2012.02.17 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.02.17 10:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2012.02.15 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\NVIDIA [2012.02.15 20:52:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2012.02.14 22:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.02.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Google [2012.02.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.02.12 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Trillian [2012.02.12 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian [2012.02.10 22:10:05 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\FILSH_Media_GmbH [2012.02.10 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\FILSHtray [2012.02.10 22:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray [2012.02.10 22:09:58 | 000,000,000 | ---D | C] -- 
C:\Program Files\FILSHtray [2012.02.10 22:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012.02.10 22:07:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.02.10 22:07:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2012.02.10 22:07:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2012.02.10 22:07:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2012.02.09 17:33:23 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\TeamViewer [2012.02.09 17:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012.02.09 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1 [2012.02.09 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2012.02.08 21:15:49 | 000,000,000 | R--D | C] -- C:\Users\PC\Dropbox [2012.02.08 21:13:55 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.02.08 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Dropbox [2012.02.08 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.02.08 19:39:21 | 006,350,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2012.02.08 19:39:21 | 003,840,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2012.02.08 19:39:21 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2012.02.08 19:39:21 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2012.02.08 19:39:21 | 000,123,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll [2012.02.08 19:39:20 | 000,602,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll [2012.02.08 19:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.02.08 19:38:25 | 018,871,616 | ---- | C] 
(NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2012.02.08 19:38:25 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2012.02.08 19:38:25 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2012.02.08 19:38:25 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2012.02.08 19:38:25 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2012.02.08 19:38:25 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2012.02.08 19:38:25 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2012.02.08 19:38:25 | 000,919,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll [2012.02.08 19:38:25 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll [2012.02.08 19:38:25 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2012.02.08 19:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.02.08 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.02.08 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.02.08 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Macromedia [2012.02.08 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Adobe [2012.02.08 19:07:34 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.08 19:06:17 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.08 19:06:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2012.02.08 19:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2012.02.08 19:01:41 | 
000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2012.02.08 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Mozilla [2012.02.08 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Mozilla [2012.02.08 18:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.02.08 18:50:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\ElevatedDiagnostics [2012.02.08 18:49:40 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.02.08 18:49:40 | 000,000,000 | R--D | C] -- C:\Users\PC\Searches [2012.02.08 18:49:40 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.02.08 18:49:27 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Identities [2012.02.08 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\PC\Contacts [2012.02.08 18:49:14 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\VirtualStore [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Vorlagen [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Verlauf [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Temporary Internet Files [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Startmenü [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\SendTo [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Recent [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Netzwerkumgebung [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Lokale Einstellungen [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Videos [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Musik [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Eigene Dateien [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Bilder [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- 
C:\Users\PC\Druckumgebung [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Cookies [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Anwendungsdaten [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Anwendungsdaten [2012.02.08 18:49:08 | 000,000,000 | --SD | C] -- C:\Users\PC\AppData\Roaming\Microsoft [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Videos [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Saved Games [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Pictures [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Music [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Links [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Favorites [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Downloads [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Documents [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.02.08 18:49:08 | 000,000,000 | -H-D | C] -- C:\Users\PC\AppData [2012.02.08 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Microsoft [2012.02.08 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Media Center Programs [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.02.08 18:45:07 | 000,000,000 | ---D | C] -- C:\Recovery 
[2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.02.08 18:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.02.08 18:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.02.08 18:36:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.02.08 18:24:54 | 000,000,000 | ---D | C] -- C:\Boot [2012.02.07 13:29:53 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.02.06 23:52:35 | 000,000,000 | R--D | C] -- C:\Programme [2012.02.06 23:49:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.02.06 23:49:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen ========== Files - Modified Within 30 Days ========== [2012.03.03 14:36:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.03 13:59:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000UA.job [2012.03.03 13:24:25 | 000,097,418 | ---- | M] () -- C:\Users\PC\Desktop\Unbenannt.GIF [2012.03.03 12:31:54 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.03 12:31:54 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.03 12:28:52 | 002,322,184 | ---- | M] (ESET) -- C:\Users\PC\Desktop\esetsmartinstaller_enu.exe [2012.03.03 12:27:03 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.03 12:26:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.03 12:26:37 | 1207,017,472 | -HS- | M] () -- C:\hiberfil.sys [2012.03.02 16:59:00 | 000,001,056 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000Core.job [2012.03.02 16:28:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.03.02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\PC\Desktop\TDSSKiller.exe [2012.03.01 23:15:21 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.01 22:38:28 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\RAMBooster.Net.lnk [2012.03.01 21:28:00 | 004,424,671 | R--- | M] (Swearware) -- C:\Users\PC\Desktop\ComboFix.exe [2012.03.01 21:04:04 | 087,227,952 | ---- | M] () -- C:\Users\PC\Desktop\avira_free_antivirus_898de.exe [2012.03.01 21:02:56 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe [2012.03.01 20:58:54 | 000,302,592 | ---- | M] () -- C:\Users\PC\Desktop\9szcid7f.exe [2012.02.29 21:15:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.28 19:29:55 | 000,001,003 | ---- | M] () -- C:\Users\PC\Desktop\Dropbox.lnk [2012.02.28 19:29:55 | 000,000,983 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.28 17:29:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.28 16:55:18 | 000,002,292 | ---- | M] () -- C:\Users\PC\Desktop\Google Chrome.lnk [2012.02.28 16:16:08 | 000,040,448 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.28 16:03:36 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.28 16:03:36 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.28 16:03:36 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.28 16:03:36 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.27 18:56:46 | 000,002,207 | ---- | M] () -- C:\Users\PC\Desktop\Jtag Tool (Reset Glitch).lnk [2012.02.27 00:49:31 | 000,001,281 
| ---- | M] () -- C:\Users\PC\Desktop\JRunner.lnk [2012.02.27 00:46:38 | 014,904,602 | ---- | M] () -- C:\Users\PC\14719 Additional Pack.rar [2012.02.26 19:38:17 | 000,044,049 | ---- | M] () -- C:\Users\PC\Unbenannt.GIF [2012.02.26 16:03:30 | 000,011,936 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) -- C:\Windows\System32\drivers\inpout32.sys [2012.02.25 15:59:20 | 000,011,864 | ---- | M] () -- C:\Users\PC\Desktop\NFS THE RUN.dlc [2012.02.25 14:22:24 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk [2012.02.22 18:20:58 | 000,001,983 | ---- | M] () -- C:\Users\PC\Desktop\JDownloader.lnk [2012.02.22 18:17:48 | 000,001,852 | ---- | M] () -- C:\Users\PC\Desktop\abgx360 GUI.lnk [2012.02.22 16:48:30 | 000,001,451 | ---- | M] () -- C:\Users\PC\Desktop\PowerTeacher.lnk [2012.02.19 23:41:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.19 23:15:32 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.15 19:51:28 | 003,439,836 | ---- | M] () -- C:\Users\PC\Desktop\LAD Soundsystem - Like a man (Official Video).mp3 [2012.02.14 22:34:11 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.02.13 00:55:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.02.12 16:34:03 | 000,001,037 | ---- | M] () -- C:\Users\PC\Desktop\Trillian.lnk [2012.02.12 16:34:03 | 000,001,001 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012.02.10 21:17:19 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat [2012.02.09 17:31:36 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.02.08 21:32:29 | 003,791,757 | ---- | M] () -- C:\Users\PC\Desktop\Glitch Mob - Kraddy - Steppin' Razor.mp3 [2012.02.08 19:27:56 | 000,001,360 | ---- | M] () -- C:\Users\PC\Desktop\RivaTuner.lnk [2012.02.08 19:10:44 | 000,003,744 | ---- | M] 
(Analog Devices, Inc.) -- C:\Windows\System32\drivers\smsens.sys [2012.02.08 19:10:43 | 000,720,896 | ---- | M] (Sensaura Ltd) -- C:\Windows\System32\a3d.dll [2012.02.08 19:07:06 | 003,906,696 | ---- | M] () -- C:\Users\PC\Desktop\XATAR - INTERPOL.COM (Official Video).mp3 [2012.02.08 19:03:34 | 010,975,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTLCPL.EXE [2012.02.08 19:03:34 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE [2012.02.08 19:03:33 | 019,036,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\ALSNDMGR.CPL [2012.02.08 19:03:33 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS [2012.02.08 19:03:33 | 002,510,368 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2012.02.08 19:03:33 | 000,965,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2012.02.08 19:03:33 | 000,154,144 | ---- | M] () -- C:\Windows\System32\RTLCPAPI.dll [2012.02.08 19:03:33 | 000,141,856 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCfg.dll [2012.02.08 19:03:33 | 000,141,016 | ---- | M] () -- C:\Windows\System32\ALSNDMGR.WAV [2012.02.08 19:03:30 | 000,223,776 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\Alcrmv.exe [2012.02.08 19:01:43 | 000,001,072 | ---- | M] () -- C:\Users\PC\Desktop\EVEREST Home Edition.lnk [2012.02.08 18:55:25 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.08 18:46:57 | 000,171,136 | RHS- | M] () -- C:\w7ldr [2012.02.08 18:43:24 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.08 18:41:09 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.02.08 18:39:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.02.08 18:36:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012.02.08 18:36:24 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2012.02.07 00:01:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.02.07 00:01:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.02.06 23:56:10 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK ========== Files Created - No Company Name ========== [2012.03.03 13:20:31 | 000,097,418 | ---- | C] () -- C:\Users\PC\Desktop\Unbenannt.GIF [2012.03.01 23:15:21 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.01 22:48:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.01 22:48:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.01 22:48:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.01 22:48:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.01 22:48:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.01 22:38:28 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\RAMBooster.Net.lnk [2012.03.01 20:58:46 | 000,302,592 | ---- | C] () -- C:\Users\PC\Desktop\9szcid7f.exe [2012.03.01 20:55:28 | 087,227,952 | ---- | C] () -- C:\Users\PC\Desktop\avira_free_antivirus_898de.exe [2012.02.28 17:29:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.28 16:55:18 | 000,002,292 | ---- | C] () -- C:\Users\PC\Desktop\Google Chrome.lnk [2012.02.28 16:54:09 | 
000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000UA.job [2012.02.28 16:54:08 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000Core.job [2012.02.28 16:14:00 | 000,040,448 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.27 18:56:46 | 000,002,207 | ---- | C] () -- C:\Users\PC\Desktop\Jtag Tool (Reset Glitch).lnk [2012.02.27 00:49:31 | 000,001,281 | ---- | C] () -- C:\Users\PC\Desktop\JRunner.lnk [2012.02.27 00:45:56 | 014,904,602 | ---- | C] () -- C:\Users\PC\14719 Additional Pack.rar [2012.02.26 19:37:48 | 000,044,049 | ---- | C] () -- C:\Users\PC\Unbenannt.GIF [2012.02.25 15:59:21 | 000,011,864 | ---- | C] () -- C:\Users\PC\Desktop\NFS THE RUN.dlc [2012.02.25 14:22:24 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk [2012.02.22 18:20:58 | 000,001,983 | ---- | C] () -- C:\Users\PC\Desktop\JDownloader.lnk [2012.02.22 18:20:44 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.02.22 18:20:44 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.02.22 18:20:44 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.02.22 18:17:48 | 000,001,852 | ---- | C] () -- C:\Users\PC\Desktop\abgx360 GUI.lnk [2012.02.22 16:48:30 | 000,001,451 | ---- | C] () -- C:\Users\PC\Desktop\PowerTeacher.lnk [2012.02.19 23:41:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.19 23:15:32 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.15 19:51:08 | 003,439,836 | ---- | C] () -- C:\Users\PC\Desktop\LAD Soundsystem - Like a man (Official Video).mp3 [2012.02.14 22:34:11 | 000,002,170 | ---- | C] () -- 
C:\Users\Public\Desktop\Google Earth.lnk [2012.02.14 22:31:27 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.14 22:31:26 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.13 00:55:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.02.12 16:34:03 | 000,001,067 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk [2012.02.12 16:34:03 | 000,001,037 | ---- | C] () -- C:\Users\PC\Desktop\Trillian.lnk [2012.02.12 16:34:03 | 000,001,001 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012.02.10 21:17:19 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat [2012.02.09 17:31:36 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.02.09 17:31:36 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.02.08 21:31:07 | 003,791,757 | ---- | C] () -- C:\Users\PC\Desktop\Glitch Mob - Kraddy - Steppin' Razor.mp3 [2012.02.08 21:16:28 | 003,906,696 | ---- | C] () -- C:\Users\PC\Desktop\XATAR - INTERPOL.COM (Official Video).mp3 [2012.02.08 21:14:13 | 000,000,983 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.08 21:13:55 | 000,001,003 | ---- | C] () -- C:\Users\PC\Desktop\Dropbox.lnk [2012.02.08 19:38:25 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2012.02.08 19:27:56 | 000,001,360 | ---- | C] () -- C:\Users\PC\Desktop\RivaTuner.lnk [2012.02.08 19:01:43 | 000,001,072 | ---- | C] () -- C:\Users\PC\Desktop\EVEREST Home Edition.lnk [2012.02.08 18:55:25 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.08 18:55:25 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.08 18:49:42 | 000,001,409 | ---- | C] () -- 
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.02.08 18:46:57 | 000,171,136 | RHS- | C] () -- C:\w7ldr [2012.02.08 18:40:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.02.08 18:40:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.02.08 18:39:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.02.08 18:37:15 | 1207,017,472 | -HS- | C] () -- C:\hiberfil.sys [2012.02.08 18:36:24 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2012.02.08 18:25:00 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012.02.08 18:24:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2012.02.07 00:48:38 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved [2012.02.07 00:01:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.02.07 00:01:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\System32\abgx360.exe < End of report > |
| | #11 |
| /// Selecta Jahrusso | Google redirects, and is slow.. If there are no further problems, we are done here. Please follow the last few steps. Before the following action, please temporarily disable your antivirus program again, along with any script blocking and anti-malware programs. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and clears the System Restore cache so that the malware disappears from there as well. Now re-enable the programs you just disabled. Please start OTL and click "Bereinigung" (Cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
| | #12 |
| Google redirects, and is slow.. Everything worked as described! A huge thank you! You really know your stuff! |
| | #13 |
| /// Selecta Jahrusso | Google redirects, and is slow.. Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |