
Pests of All Kinds and How to Combat Them: Broken.OpenCommand Virus

Windows 7

12.03.2012, 19:22   #16
medico
 

Nonsense, I only downloaded the DivX player once for a video.
That was legal, though. Actually I can uninstall it again anyway; the VLC player is 100 times better.

12.03.2012, 19:54   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That was only a question of whether you used it for that! If so, steer clear of these streaming sites; they are the main entry point for such Windows blockers!

You have also cluttered your system quite a bit with toolbars! Uninstall all of them via the Control Panel, then create a new OTL log.

16.03.2012, 12:18   #18
medico
 

Hello, sorry for the late reply, it unfortunately wasn't possible earlier. I have uninstalled the toolbars. They are still shown in the log but are gone.

I have attached the log as a zip.

Regards

Medico

16.03.2012, 17:08   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC - [2011.11.15 21:12:35 | 000,474,097 | ---- | M] () -- C:\Users\Gast\AppData\Local\Freenet\freenet.exe
MOD - [2012.03.15 16:43:48 | 000,079,234 | ---- | M] () -- C:\Users\Gast\AppData\Local\Temp\jbigi1640407753580134094lib.tmp
MOD - [2012.03.15 16:43:47 | 000,040,960 | ---- | M] () -- C:\Users\Gast\AppData\Local\Temp\jcpuid2190056868816643762lib.tmp
MOD - [2011.11.15 21:12:35 | 000,474,097 | ---- | M] () -- C:\Users\Gast\AppData\Local\Freenet\freenet.exe
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKLM\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE355
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{88C87D8C-67A9-4708-80F2-DFFB7A4AC6C6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1351351&SearchSource=13"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
[2010.09.03 17:15:29 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.05.19 10:24:54 | 000,000,894 | ---- | M] () -- C:\Users\Medico\AppData\Roaming\Mozilla\Firefox\Profiles\pqc8ijdu.default\searchplugins\conduit.xml
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O32 - HKLM CDRom: AutoRun - 1
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Duden Korrektor SysTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2011.05.02 23:06:17 | 017,143,210 | ---- | C] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
[2011.06.10 23:38:31 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{3166108E-828C-47C6-AB03-041022BA93FB}
[2011.06.03 15:33:43 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{1218B187-6CFC-4BFD-AC41-6A84FA68BD90}
[2011.06.03 10:46:20 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{07DBA7D4-7535-4FCE-9946-9B7CE3C54D5D}
[2011.06.02 23:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{90C8A9EE-7C11-4FD8-B742-B2DA53431435}
[2011.03.02 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\26337
[2009.12.03 22:42:42 | 000,000,000 | -HSD | M] -- C:\Users\Medico\AppData\Roaming\.#
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
:Files
C:\Users\Gast\AppData\Local\Freenet
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
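
An added example, not part of the original posts and not OTL's own code: a small Python summariser for the fix log that the post above asks the user to post. It tallies outcomes per section, lists what was moved (the items that, per the post, end up in the "_OTL" backup) and what was already absent, and sets aside lines whose target is not a full path or registry key. The function name `summarize_fix_log` and the line patterns are assumptions inferred from the log format seen in this thread.

```python
import re
from collections import Counter

# Sample lines in the format of the fix log posted in this thread (excerpt, embedded for offline use).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
No active process named freenet.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
C:\Program Files (x86)\Download Manager\npfpdlm.dll moved successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
File 0 not found.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== FILES ==========
C:\Users\Gast\AppData\Local\Freenet folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Gast
->Temp folder emptied: 412372846 bytes
->Flash cache emptied: 16394 bytes
Windows Temp folder emptied: 245565657 bytes
"""

# Section banners such as "========== FILES ==========".
SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
# Cleanup lines such as "->Temp folder emptied: 123 bytes".
BYTES_RE = re.compile(r"(?:emptied|removed):\s*(\d+)\s*bytes$")
# Outcome patterns, inferred from the log lines in this thread (assumption).
OUTCOMES = [
    ("set", re.compile(r"^(?P<target>.+?)\|.*value set successfully!$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.$")),
]
# Leading object-type words that precede the actual path or key.
PREFIX_RE = re.compile(r"^(?:64bit-)?(?:Registry (?:key|value)|File|ADS) ")
# A target should start with a drive letter or a registry hive name.
LOOKS_LIKE_PATH = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]+\\)")


def summarize_fix_log(text):
    """Return outcome counts, moved and absent targets, odd lines and bytes freed."""
    summary = {
        "outcomes": Counter(),   # (section, outcome) -> number of lines
        "moved": [],             # targets that were moved rather than deleted
        "absent": [],            # targets the fix looked for but did not find
        "odd_targets": [],       # lines whose target is not a full path or key
        "bytes_freed": 0,        # total reported by the temp/cache cleanup
    }
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        freed = BYTES_RE.search(line)
        if freed:
            summary["bytes_freed"] += int(freed.group(1))
            continue
        for outcome, pattern in OUTCOMES:
            match = pattern.match(line)
            if not match:
                continue
            target = PREFIX_RE.sub("", match.group("target"))
            summary["outcomes"][(section, outcome)] += 1
            if not LOOKS_LIKE_PATH.match(target):
                # e.g. "File 0 not found." carries no usable path; review by hand.
                summary["odd_targets"].append(line)
            elif outcome == "moved":
                summary["moved"].append(target)
            elif outcome == "not_found":
                summary["absent"].append(target)
            break
    return summary


if __name__ == "__main__":
    result = summarize_fix_log(SAMPLE_LOG)
    for (section, outcome), count in sorted(result["outcomes"].items()):
        print(f"{section:10} {outcome:10} {count}")
    print("moved:", *result["moved"], sep="\n  ")
    print("absent:", *result["absent"], sep="\n  ")
    print("review by hand:", *result["odd_targets"], sep="\n  ")
    print("bytes freed:", result["bytes_freed"])
```
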

16.03.2012, 18:34   #20
medico
 

I have done that:

Code:
All processes killed
========== OTL ==========
No active process named freenet.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{88C87D8C-67A9-4708-80F2-DFFB7A4AC6C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C87D8C-67A9-4708-80F2-DFFB7A4AC6C6}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@fileplanet.com/fpdlm\ deleted successfully.
C:\Program Files (x86)\Download Manager\npfpdlm.dll moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\searchplugin folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\META-INF folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\lib folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\defaults folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\chrome folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} folder moved successfully.
C:\Users\Medico\AppData\Roaming\Mozilla\Firefox\Profiles\pqc8ijdu.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn deleted successfully.
0 moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
File 0 not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivX Download Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Duden Korrektor SysTray\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpybotSD TeaTimer\ not found.
C:\ProgramData\JonDoFox.paf.exe moved successfully.
C:\Users\Medico\AppData\Local\{3166108E-828C-47C6-AB03-041022BA93FB} moved successfully.
C:\Users\Medico\AppData\Local\{1218B187-6CFC-4BFD-AC41-6A84FA68BD90} moved successfully.
C:\Users\Medico\AppData\Local\{07DBA7D4-7535-4FCE-9946-9B7CE3C54D5D} moved successfully.
C:\Users\Medico\AppData\Local\{90C8A9EE-7C11-4FD8-B742-B2DA53431435} moved successfully.
C:\Users\Gast\AppData\Roaming\26337 folder moved successfully.
C:\Users\Medico\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.
========== FILES ==========
C:\Users\Gast\AppData\Local\Freenet\wrapper folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\updater folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\temp folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\plugins folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\persistent-temp-8311 folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\logs folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\licenses folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\extra-peer-data-8311 folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\downloads folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\datastore folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 412372846 bytes
->Temporary Internet Files folder emptied: 73516731 bytes
->Java cache emptied: 9915 bytes
->FireFox cache emptied: 76279543 bytes
->Google Chrome cache emptied: 216306131 bytes
->Opera cache emptied: 3791004 bytes
->Flash cache emptied: 16394 bytes
 
User: Medico
->Temp folder emptied: 31823839 bytes
->Temporary Internet Files folder emptied: 15472975 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 11644509 bytes
->Google Chrome cache emptied: 14774873 bytes
->Opera cache emptied: 220566 bytes
->Flash cache emptied: 13558 bytes
 
User: Public
 
User: sdasd
->Temp folder emptied: 145628058 bytes
->Temporary Internet Files folder emptied: 428894913 bytes
->FireFox cache emptied: 79467284 bytes
->Opera cache emptied: 925299 bytes
->Flash cache emptied: 3132 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 173499904 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245565657 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045668 bytes
RecycleBin emptied: 11389565 bytes
 
Total Files Cleaned = 1.886,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.2 log created on 03162012_181739

Files\Folders moved on Reboot...
File move failed. C:\Users\Gast\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\temp\dbloomfLeA4c moved successfully.
File\Folder C:\Windows\temp\fb_2308.lck not found!

Registry entries deleted on Reboot...
         


Old 16.03.2012, 19:11   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot,
then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


Old 16.03.2012, 20:00   #22
medico
 

1 object found:

Code:
19:53:44.0037 4140	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:53:44.0881 4140	============================================================
19:53:44.0881 4140	Current date / time: 2012/03/16 19:53:44.0881
19:53:44.0881 4140	SystemInfo:
19:53:44.0881 4140	
19:53:44.0882 4140	OS Version: 6.1.7600 ServicePack: 0.0
19:53:44.0882 4140	Product type: Workstation
19:53:44.0882 4140	ComputerName: MEDICO-PC
19:53:44.0882 4140	UserName: Medico
19:53:44.0882 4140	Windows directory: C:\Windows
19:53:44.0882 4140	System windows directory: C:\Windows
19:53:44.0882 4140	Running under WOW64
19:53:44.0882 4140	Processor architecture: Intel x64
19:53:44.0882 4140	Number of processors: 2
19:53:44.0882 4140	Page size: 0x1000
19:53:44.0882 4140	Boot type: Normal boot
19:53:44.0882 4140	============================================================
19:53:46.0434 4140	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:53:46.0440 4140	\Device\Harddisk0\DR0:
19:53:46.0440 4140	MBR used
19:53:46.0440 4140	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
19:53:46.0440 4140	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
19:53:46.0519 4140	Initialize success
19:53:46.0519 4140	============================================================
19:54:03.0438 4724	============================================================
19:54:03.0438 4724	Scan started
19:54:03.0438 4724	Mode: Manual; SigCheck; TDLFS; 
19:54:03.0438 4724	============================================================
19:54:05.0838 4724	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:54:06.0218 4724	1394ohci - ok
19:54:06.0320 4724	94349651        (6c5461eeb3ffa1b1dcf9a07f8c3b3afe) C:\Windows\system32\DRIVERS\94349651.sys
19:54:07.0068 4724	94349651 - ok
19:54:07.0180 4724	94349652        (3ec7dfda521b4fb22ce9f76df15db099) C:\Windows\system32\DRIVERS\94349652.sys
19:54:07.0190 4724	94349652 - ok
19:54:07.0240 4724	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:54:07.0260 4724	ACPI - ok
19:54:07.0382 4724	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:54:07.0472 4724	AcpiPmi - ok
19:54:07.0602 4724	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:07.0632 4724	adp94xx - ok
19:54:07.0754 4724	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:54:07.0784 4724	adpahci - ok
19:54:07.0794 4724	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:54:07.0814 4724	adpu320 - ok
19:54:07.0966 4724	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:54:08.0086 4724	AFD - ok
19:54:08.0306 4724	AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
19:54:08.0416 4724	AgereSoftModem - ok
19:54:08.0536 4724	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:54:08.0556 4724	agp440 - ok
19:54:08.0566 4724	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:54:08.0591 4724	aliide - ok
19:54:08.0618 4724	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:54:08.0638 4724	amdide - ok
19:54:08.0648 4724	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:54:08.0688 4724	AmdK8 - ok
19:54:08.0828 4724	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:54:08.0868 4724	AmdPPM - ok
19:54:08.0948 4724	amdsata         (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
19:54:08.0978 4724	amdsata - ok
19:54:09.0068 4724	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:09.0088 4724	amdsbs - ok
19:54:09.0158 4724	amdxata         (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
19:54:09.0168 4724	amdxata - ok
19:54:09.0258 4724	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:54:09.0378 4724	AppID - ok
19:54:09.0508 4724	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:54:09.0528 4724	arc - ok
19:54:09.0538 4724	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:54:09.0558 4724	arcsas - ok
19:54:09.0608 4724	aswFsBlk        (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
19:54:09.0620 4724	aswFsBlk - ok
19:54:09.0780 4724	aswMonFlt       (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
19:54:09.0800 4724	aswMonFlt - ok
19:54:09.0950 4724	aswRdr          (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
19:54:09.0970 4724	aswRdr - ok
19:54:10.0050 4724	aswSnx          (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
19:54:10.0090 4724	aswSnx - ok
19:54:10.0282 4724	aswSP           (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
19:54:10.0342 4724	aswSP - ok
19:54:10.0472 4724	aswTdi          (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
19:54:10.0492 4724	aswTdi - ok
19:54:10.0512 4724	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:10.0682 4724	AsyncMac - ok
19:54:10.0794 4724	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:54:10.0814 4724	atapi - ok
19:54:10.0936 4724	athr            (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
19:54:11.0158 4724	athr - ok
19:54:11.0278 4724	AtiHdmiService  (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
19:54:11.0298 4724	AtiHdmiService - ok
19:54:11.0448 4724	atikmdag        (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
19:54:11.0722 4724	atikmdag - ok
19:54:11.0834 4724	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:54:11.0854 4724	AtiPcie - ok
19:54:11.0934 4724	AVerAF15DMBTH64 (31f7096ab90f28b884b24ff1d75175dd) C:\Windows\system32\Drivers\AVerAF15DMBTH64.sys
19:54:12.0014 4724	AVerAF15DMBTH64 - ok
19:54:12.0134 4724	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:12.0244 4724	b06bdrv - ok
19:54:12.0366 4724	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:12.0426 4724	b57nd60a - ok
19:54:12.0576 4724	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:54:12.0656 4724	BCM43XX - ok
19:54:12.0778 4724	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:54:12.0848 4724	Beep - ok
19:54:13.0030 4724	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:13.0080 4724	blbdrive - ok
19:54:13.0140 4724	BlueletAudio    (44582f5543fd48afbe20e9d9287db0c0) C:\Windows\system32\DRIVERS\blueletaudio.sys
19:54:13.0170 4724	BlueletAudio - ok
19:54:13.0260 4724	BlueletSCOAudio (7e40dfb0cb6dd07eb63cf6f8c67c0962) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
19:54:13.0280 4724	BlueletSCOAudio - ok
19:54:13.0320 4724	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:54:13.0400 4724	bowser - ok
19:54:13.0510 4724	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:13.0580 4724	BrFiltLo - ok
19:54:13.0782 4724	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:13.0812 4724	BrFiltUp - ok
19:54:13.0832 4724	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:54:13.0902 4724	Brserid - ok
19:54:14.0032 4724	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:14.0072 4724	BrSerWdm - ok
19:54:14.0082 4724	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:14.0122 4724	BrUsbMdm - ok
19:54:14.0254 4724	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:14.0304 4724	BrUsbSer - ok
19:54:14.0354 4724	BT              (0f890e854fcbe98f4574acc6423fccef) C:\Windows\system32\DRIVERS\btnetdrv.sys
19:54:14.0374 4724	BT - ok
19:54:14.0514 4724	Btcsrusb        (e0c1e6b70e0c626b37e643b799e434f3) C:\Windows\system32\Drivers\btcusb.sys
19:54:14.0534 4724	Btcsrusb - ok
19:54:14.0574 4724	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:54:14.0644 4724	BthEnum - ok
19:54:14.0766 4724	BTHidEnum       (e49a371185d5e79c103765da93856ee1) C:\Windows\system32\Drivers\vbtenum.sys
19:54:14.0786 4724	BTHidEnum - ok
19:54:14.0826 4724	BTHidMgr        (8fa060b557c7de309d2d5c16c3da2ef6) C:\Windows\system32\Drivers\BTHidMgr.sys
19:54:14.0846 4724	BTHidMgr - ok
19:54:14.0976 4724	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:15.0026 4724	BTHMODEM - ok
19:54:15.0096 4724	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:54:15.0136 4724	BthPan - ok
19:54:15.0306 4724	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
19:54:15.0356 4724	BTHPORT - ok
19:54:15.0526 4724	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
19:54:15.0576 4724	BTHUSB - ok
19:54:15.0736 4724	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:54:15.0816 4724	cdfs - ok
19:54:15.0835 4724	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:54:15.0858 4724	cdrom - ok
19:54:15.0868 4724	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:54:15.0888 4724	circlass - ok
19:54:15.0938 4724	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:54:15.0978 4724	CLFS - ok
19:54:16.0110 4724	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:16.0160 4724	CmBatt - ok
19:54:16.0200 4724	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:54:16.0210 4724	cmdide - ok
19:54:16.0260 4724	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:54:16.0300 4724	CNG - ok
19:54:16.0422 4724	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:54:16.0432 4724	Compbatt - ok
19:54:16.0442 4724	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:54:16.0502 4724	CompositeBus - ok
19:54:16.0512 4724	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:54:16.0532 4724	crcdisk - ok
19:54:16.0604 4724	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:54:16.0674 4724	DfsC - ok
19:54:16.0796 4724	dgderdrv        (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys
19:54:16.0816 4724	dgderdrv - ok
19:54:16.0866 4724	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:54:16.0946 4724	discache - ok
19:54:17.0028 4724	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:54:17.0048 4724	Disk - ok
19:54:17.0068 4724	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:54:17.0128 4724	drmkaud - ok
19:54:17.0198 4724	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:54:17.0238 4724	DXGKrnl - ok
19:54:17.0410 4724	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:54:17.0572 4724	ebdrv - ok
19:54:17.0712 4724	ElRawDisk       (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
19:54:17.0732 4724	ElRawDisk - ok
19:54:17.0782 4724	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:54:17.0804 4724	elxstor - ok
19:54:17.0916 4724	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:54:17.0966 4724	ErrDev - ok
19:54:18.0106 4724	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:54:18.0186 4724	exfat - ok
19:54:18.0201 4724	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:54:18.0258 4724	fastfat - ok
19:54:18.0380 4724	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:54:18.0440 4724	fdc - ok
19:54:18.0610 4724	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:54:18.0630 4724	FileInfo - ok
19:54:18.0640 4724	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:54:18.0690 4724	Filetrace - ok
19:54:18.0706 4724	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:54:18.0762 4724	flpydisk - ok
19:54:18.0872 4724	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:54:18.0892 4724	FltMgr - ok
19:54:18.0912 4724	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:54:18.0936 4724	FsDepends - ok
19:54:18.0944 4724	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:54:18.0954 4724	Fs_Rec - ok
19:54:18.0994 4724	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:54:19.0014 4724	fvevol - ok
19:54:19.0126 4724	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:54:19.0146 4724	gagp30kx - ok
19:54:19.0196 4724	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:54:19.0206 4724	GEARAspiWDM - ok
19:54:19.0268 4724	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:54:19.0348 4724	hcw85cir - ok
19:54:19.0448 4724	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:54:19.0508 4724	HdAudAddService - ok
19:54:19.0628 4724	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:54:19.0708 4724	HDAudBus - ok
19:54:19.0828 4724	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:54:19.0868 4724	HidBatt - ok
19:54:20.0008 4724	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:54:20.0078 4724	HidBth - ok
19:54:20.0218 4724	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:54:20.0278 4724	HidIr - ok
19:54:20.0288 4724	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:54:20.0308 4724	HidUsb - ok
19:54:20.0338 4724	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:54:20.0356 4724	HpSAMD - ok
19:54:20.0400 4724	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:54:20.0501 4724	HTTP - ok
19:54:20.0622 4724	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:54:20.0632 4724	hwpolicy - ok
19:54:20.0642 4724	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:54:20.0672 4724	i8042prt - ok
19:54:20.0724 4724	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:54:20.0744 4724	iaStorV - ok
19:54:20.0986 4724	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:54:21.0242 4724	igfx - ok
19:54:21.0352 4724	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:54:21.0372 4724	iirsp - ok
19:54:21.0444 4724	IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
19:54:21.0494 4724	IntcAzAudAddService - ok
19:54:21.0596 4724	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:54:21.0616 4724	intelide - ok
19:54:21.0626 4724	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:54:21.0676 4724	intelppm - ok
19:54:21.0828 4724	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:21.0868 4724	IpFilterDriver - ok
19:54:21.0890 4724	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:54:21.0930 4724	IPMIDRV - ok
19:54:21.0940 4724	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:54:22.0000 4724	IPNAT - ok
19:54:22.0112 4724	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:54:22.0192 4724	IRENUM - ok
19:54:22.0292 4724	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:54:22.0312 4724	isapnp - ok
19:54:22.0342 4724	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:54:22.0362 4724	iScsiPrt - ok
19:54:22.0412 4724	k57nd60a        (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:54:22.0442 4724	k57nd60a - ok
19:54:22.0542 4724	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:54:22.0562 4724	kbdclass - ok
19:54:22.0572 4724	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:54:22.0622 4724	kbdhid - ok
19:54:22.0684 4724	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:54:22.0704 4724	KSecDD - ok
19:54:22.0834 4724	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:54:22.0854 4724	KSecPkg - ok
19:54:22.0904 4724	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:54:23.0014 4724	ksthunk - ok
19:54:23.0176 4724	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
19:54:23.0226 4724	L1E - ok
19:54:23.0368 4724	Lbd             (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
19:54:23.0388 4724	Lbd - ok
19:54:23.0418 4724	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:54:23.0508 4724	lltdio - ok
19:54:23.0650 4724	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:54:23.0670 4724	LSI_FC - ok
19:54:23.0680 4724	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:54:23.0710 4724	LSI_SAS - ok
19:54:23.0810 4724	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:54:23.0830 4724	LSI_SAS2 - ok
19:54:23.0850 4724	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:54:23.0882 4724	LSI_SCSI - ok
19:54:23.0992 4724	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:54:24.0074 4724	luafv - ok
19:54:24.0114 4724	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:54:24.0134 4724	MBAMProtector - ok
19:54:24.0274 4724	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:54:24.0284 4724	megasas - ok
19:54:24.0314 4724	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:54:24.0346 4724	MegaSR - ok
19:54:24.0446 4724	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:54:24.0526 4724	Modem - ok
19:54:24.0568 4724	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:54:24.0618 4724	monitor - ok
19:54:24.0730 4724	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:54:24.0750 4724	mouclass - ok
19:54:24.0760 4724	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:54:24.0799 4724	mouhid - ok
19:54:24.0802 4724	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:54:24.0822 4724	mountmgr - ok
19:54:24.0845 4724	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:54:24.0874 4724	mpio - ok
19:54:24.0934 4724	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:54:25.0031 4724	mpsdrv - ok
19:54:25.0126 4724	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:54:25.0176 4724	MRxDAV - ok
19:54:25.0266 4724	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:54:25.0306 4724	mrxsmb - ok
19:54:25.0416 4724	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:54:25.0446 4724	mrxsmb10 - ok
19:54:25.0516 4724	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:54:25.0566 4724	mrxsmb20 - ok
19:54:25.0656 4724	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:54:25.0676 4724	msahci - ok
19:54:25.0726 4724	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:54:25.0746 4724	msdsm - ok
19:54:25.0766 4724	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:54:25.0840 4724	Msfs - ok
19:54:25.0850 4724	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:54:25.0942 4724	mshidkmdf - ok
19:54:26.0020 4724	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:54:26.0040 4724	msisadrv - ok
19:54:26.0092 4724	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:54:26.0185 4724	MSKSSRV - ok
19:54:26.0264 4724	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:54:26.0345 4724	MSPCLOCK - ok
19:54:26.0396 4724	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:54:26.0466 4724	MSPQM - ok
19:54:26.0598 4724	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:54:26.0628 4724	MsRPC - ok
19:54:26.0738 4724	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:54:26.0748 4724	mssmbios - ok
19:54:26.0758 4724	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:54:26.0838 4724	MSTEE - ok
19:54:26.0875 4724	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:54:26.0920 4724	MTConfig - ok
19:54:27.0060 4724	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:54:27.0080 4724	Mup - ok
19:54:27.0100 4724	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:54:27.0160 4724	NativeWifiP - ok
19:54:27.0300 4724	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:54:27.0330 4724	NDIS - ok
19:54:27.0462 4724	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:54:27.0532 4724	NdisCap - ok
19:54:27.0664 4724	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:54:27.0734 4724	NdisTapi - ok
19:54:27.0836 4724	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:54:27.0916 4724	Ndisuio - ok
19:54:28.0048 4724	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:54:28.0108 4724	NdisWan - ok
19:54:28.0121 4724	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:54:28.0230 4724	NDProxy - ok
19:54:28.0362 4724	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
19:54:28.0452 4724	Netaapl - ok
19:54:28.0562 4724	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:54:28.0632 4724	NetBIOS - ok
19:54:28.0764 4724	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:54:28.0834 4724	NetBT - ok
19:54:28.0976 4724	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:54:28.0996 4724	nfrd960 - ok
19:54:29.0026 4724	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:54:29.0096 4724	Npfs - ok
19:54:29.0218 4724	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:54:29.0268 4724	nsiproxy - ok
19:54:29.0350 4724	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:54:29.0430 4724	Ntfs - ok
19:54:29.0552 4724	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
19:54:29.0572 4724	NTIDrvr - ok
19:54:29.0612 4724	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:54:29.0682 4724	Null - ok
19:54:29.0794 4724	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:54:29.0824 4724	nvraid - ok
19:54:29.0884 4724	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:54:29.0904 4724	nvstor - ok
19:54:30.0014 4724	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:54:30.0034 4724	nv_agp - ok
19:54:30.0054 4724	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:54:30.0104 4724	ohci1394 - ok
19:54:30.0154 4724	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:54:30.0184 4724	Parport - ok
19:54:30.0254 4724	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:54:30.0274 4724	partmgr - ok
19:54:30.0336 4724	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:54:30.0396 4724	pccsmcfd - ok
19:54:30.0506 4724	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:54:30.0526 4724	pci - ok
19:54:30.0556 4724	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:54:30.0573 4724	pciide - ok
19:54:30.0592 4724	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:54:30.0608 4724	pcmcia - ok
19:54:30.0698 4724	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:54:30.0728 4724	pcw - ok
19:54:30.0758 4724	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:54:30.0850 4724	PEAUTH - ok
19:54:31.0024 4724	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:54:31.0104 4724	PptpMiniport - ok
19:54:31.0226 4724	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:54:31.0286 4724	Processor - ok
19:54:31.0416 4724	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:54:31.0496 4724	Psched - ok
19:54:31.0618 4724	ptlnaas - ok
19:54:31.0708 4724	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:54:31.0758 4724	ql2300 - ok
19:54:31.0860 4724	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:54:31.0880 4724	ql40xx - ok
19:54:31.0890 4724	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:54:31.0950 4724	QWAVEdrv - ok
19:54:32.0070 4724	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:54:32.0150 4724	RasAcd - ok
19:54:32.0202 4724	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:54:32.0282 4724	RasAgileVpn - ok
19:54:32.0414 4724	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:54:32.0484 4724	Rasl2tp - ok
19:54:32.0505 4724	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:54:32.0576 4724	RasPppoe - ok
19:54:32.0678 4724	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:54:32.0758 4724	RasSstp - ok
19:54:32.0890 4724	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:54:32.0990 4724	rdbss - ok
19:54:33.0132 4724	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:54:33.0162 4724	rdpbus - ok
19:54:33.0172 4724	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:54:33.0242 4724	RDPCDD - ok
19:54:33.0364 4724	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:54:33.0414 4724	RDPENCDD - ok
19:54:33.0435 4724	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:54:33.0489 4724	RDPREFMP - ok
19:54:33.0528 4724	RDPWD           (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
19:54:33.0628 4724	RDPWD - ok
19:54:33.0748 4724	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:54:33.0768 4724	rdyboost - ok
19:54:33.0838 4724	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:54:33.0878 4724	RFCOMM - ok
19:54:33.0998 4724	ROOTMODEM       (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
19:54:34.0068 4724	ROOTMODEM - ok
19:54:34.0210 4724	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:54:34.0290 4724	rspndr - ok
19:54:34.0442 4724	RSUSBSTOR       (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
19:54:34.0492 4724	RSUSBSTOR - ok
19:54:34.0592 4724	RtsUIR - ok
19:54:34.0632 4724	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:54:34.0662 4724	sbp2port - ok
19:54:34.0832 4724	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:54:34.0912 4724	scfilter - ok
19:54:34.0947 4724	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:54:35.0004 4724	secdrv - ok
19:54:35.0156 4724	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:54:35.0176 4724	Serenum - ok
19:54:35.0186 4724	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:54:35.0236 4724	Serial - ok
19:54:35.0366 4724	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:54:35.0406 4724	sermouse - ok
19:54:35.0536 4724	setup_9.0.0.722_14.04.2011_20-50drv (8423db42808e94847ec4e53efda6bee2) C:\Windows\system32\DRIVERS\9434965.sys
19:54:35.0566 4724	setup_9.0.0.722_14.04.2011_20-50drv - ok
19:54:35.0646 4724	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:54:35.0696 4724	sffdisk - ok
19:54:35.0748 4724	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:54:35.0798 4724	sffp_mmc - ok
19:54:35.0878 4724	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:54:35.0928 4724	sffp_sd - ok
19:54:35.0978 4724	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:54:36.0038 4724	sfloppy - ok
19:54:36.0158 4724	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:54:36.0178 4724	SiSRaid2 - ok
19:54:36.0218 4724	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:54:36.0238 4724	SiSRaid4 - ok
19:54:36.0258 4724	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:54:36.0330 4724	Smb - ok
19:54:36.0502 4724	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:54:36.0522 4724	spldr - ok
19:54:36.0662 4724	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:54:36.0712 4724	srv - ok
19:54:36.0852 4724	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:54:36.0892 4724	srv2 - ok
19:54:37.0042 4724	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:54:37.0102 4724	SrvHsfHDA - ok
19:54:37.0262 4724	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:54:37.0342 4724	SrvHsfV92 - ok
19:54:37.0492 4724	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:54:37.0522 4724	SrvHsfWinac - ok
19:54:37.0662 4724	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:54:37.0752 4724	srvnet - ok
19:54:37.0882 4724	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
19:54:37.0912 4724	StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:54:37.0912 4724	StarOpen - detected UnsignedFile.Multi.Generic (1)
19:54:37.0962 4724	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:54:37.0972 4724	stexstor - ok
19:54:38.0124 4724	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:54:38.0144 4724	swenum - ok
19:54:38.0184 4724	SynTP           (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
19:54:38.0204 4724	SynTP - ok
19:54:38.0406 4724	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:54:38.0456 4724	Tcpip - ok
19:54:38.0638 4724	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:54:38.0690 4724	TCPIP6 - ok
19:54:38.0820 4724	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:54:38.0871 4724	tcpipreg - ok
19:54:38.0888 4724	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:54:38.0952 4724	TDPIPE - ok
19:54:39.0082 4724	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:54:39.0132 4724	TDTCP - ok
19:54:39.0172 4724	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:54:39.0248 4724	tdx - ok
19:54:39.0364 4724	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:54:39.0374 4724	TermDD - ok
19:54:39.0424 4724	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
19:54:39.0434 4724	TFsExDisk - ok
19:54:39.0644 4724	truecrypt       (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
19:54:39.0664 4724	truecrypt - ok
19:54:39.0744 4724	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:54:39.0824 4724	tssecsrv - ok
19:54:39.0926 4724	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:54:40.0006 4724	tunnel - ok
19:54:40.0038 4724	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:54:40.0058 4724	uagp35 - ok
19:54:40.0180 4724	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
19:54:40.0190 4724	UBHelper - ok
19:54:40.0220 4724	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:54:40.0310 4724	udfs - ok
19:54:40.0442 4724	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:54:40.0452 4724	uliagpkx - ok
19:54:40.0472 4724	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:54:40.0514 4724	umbus - ok
19:54:40.0554 4724	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:54:40.0594 4724	UmPass - ok
19:54:40.0726 4724	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:54:40.0796 4724	USBAAPL64 - ok
19:54:40.0836 4724	usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
19:54:40.0876 4724	usbaudio - ok
19:54:40.0988 4724	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:54:41.0068 4724	usbccgp - ok
19:54:41.0158 4724	USBCCID - ok
19:54:41.0188 4724	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:54:41.0238 4724	usbcir - ok
19:54:41.0398 4724	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:54:41.0448 4724	usbehci - ok
19:54:41.0568 4724	usbfilter       (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
19:54:41.0588 4724	usbfilter - ok
19:54:41.0638 4724	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:54:41.0698 4724	usbhub - ok
19:54:41.0828 4724	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
19:54:41.0878 4724	usbohci - ok
19:54:41.0958 4724	USBPNPA         (0a89f75bb756604bbd995f2a0c8144f3) C:\Windows\system32\drivers\CM10864.sys
19:54:42.0038 4724	USBPNPA - ok
19:54:42.0148 4724	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:54:42.0208 4724	usbprint - ok
19:54:42.0328 4724	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:54:42.0358 4724	usbscan - ok
19:54:42.0408 4724	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:54:42.0508 4724	USBSTOR - ok
19:54:42.0608 4724	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:54:42.0658 4724	usbuhci - ok
19:54:42.0708 4724	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:54:42.0788 4724	usbvideo - ok
19:54:42.0908 4724	VComm           (b9b0a0b9232a51bbde9f28ca41716d61) C:\Windows\system32\DRIVERS\VComm.sys
19:54:42.0928 4724	VComm - ok
19:54:42.0948 4724	VcommMgr        (f1b2d9ac422f8b72bf417c8d77c85a3b) C:\Windows\system32\Drivers\VcommMgr.sys
19:54:42.0968 4724	VcommMgr - ok
19:54:43.0088 4724	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:54:43.0108 4724	vdrvroot - ok
19:54:43.0128 4724	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:54:43.0155 4724	vga - ok
19:54:43.0170 4724	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:54:43.0240 4724	VgaSave - ok
19:54:43.0272 4724	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:54:43.0292 4724	vhdmp - ok
19:54:43.0392 4724	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:54:43.0412 4724	viaide - ok
19:54:43.0422 4724	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:54:43.0442 4724	volmgr - ok
19:54:43.0462 4724	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:54:43.0492 4724	volmgrx - ok
19:54:43.0522 4724	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:54:43.0552 4724	volsnap - ok
19:54:43.0662 4724	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:54:43.0682 4724	vsmraid - ok
19:54:43.0702 4724	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:54:43.0732 4724	vwifibus - ok
19:54:43.0754 4724	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:54:43.0814 4724	vwififlt - ok
19:54:43.0944 4724	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:54:43.0994 4724	WacomPen - ok
19:54:44.0004 4724	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:54:44.0064 4724	WANARP - ok
19:54:44.0078 4724	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:54:44.0126 4724	Wanarpv6 - ok
19:54:44.0268 4724	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:54:44.0288 4724	Wd - ok
19:54:44.0318 4724	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:54:44.0349 4724	Wdf01000 - ok
19:54:44.0500 4724	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:54:44.0550 4724	WfpLwf - ok
19:54:44.0564 4724	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:54:44.0581 4724	WIMMount - ok
19:54:44.0692 4724	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:54:44.0732 4724	WinUsb - ok
19:54:44.0872 4724	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:54:44.0912 4724	WmiAcpi - ok
19:54:44.0952 4724	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:54:45.0002 4724	ws2ifsl - ok
19:54:45.0045 4724	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:54:45.0105 4724	WudfPf - ok
19:54:45.0119 4724	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:54:45.0195 4724	WUDFRd - ok
19:54:45.0256 4724	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:54:45.0418 4724	\Device\Harddisk0\DR0 - ok
19:54:45.0418 4724	Boot (0x1200)   (f6db4357816cb62e20c12650128fa49f) \Device\Harddisk0\DR0\Partition0
19:54:45.0418 4724	\Device\Harddisk0\DR0\Partition0 - ok
19:54:45.0448 4724	Boot (0x1200)   (855427b9fd2ceb3b180b160feda57196) \Device\Harddisk0\DR0\Partition1
19:54:45.0448 4724	\Device\Harddisk0\DR0\Partition1 - ok
19:54:45.0448 4724	============================================================
19:54:45.0448 4724	Scan finished
19:54:45.0448 4724	============================================================
19:54:45.0468 4704	Detected object count: 1
19:54:45.0468 4704	Actual detected object count: 1
19:55:07.0068 4704	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:07.0068 4704	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Probably from CDBurnerXP, right?

16.03.2012, 21:10   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

16.03.2012, 22:27   #24
medico

Here you go!

Code:
ComboFix 12-03-16.03 - Medico 16.03.2012  21:33:17.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4094.2738 [GMT 1:00]
ausgeführt von:: c:\users\Gast\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Gast\install64.exe
c:\users\Gast\OTL.exe
c:\users\Gast\videos\PROMT9_Professional_EngGer_EGE.exe
c:\users\Gast\VobSub_2.23.exe
c:\windows\SysWow64\pthreadVC.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-16 bis 2012-03-16  ))))))))))))))))))))))))))))))
.
.
2012-03-16 20:44 . 2012-03-16 20:44	--------	d-----w-	c:\users\sdasd\AppData\Local\temp
2012-03-16 20:44 . 2012-03-16 20:44	--------	d-----w-	c:\users\Medico\AppData\Local\temp
2012-03-16 20:44 . 2012-03-16 20:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-16 18:45 . 2012-03-16 18:45	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{25FE9BF2-95AD-461A-B3E6-16FDE1AD820B}\offreg.dll
2012-03-16 17:17 . 2012-03-16 17:17	--------	d-----w-	C:\_OTL
2012-03-16 09:47 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{25FE9BF2-95AD-461A-B3E6-16FDE1AD820B}\mpengine.dll
2012-03-14 23:21 . 2011-11-19 18:30	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 23:21 . 2011-11-19 14:25	3957616	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:21 . 2011-11-19 14:25	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:06 . 2012-02-03 04:16	3143168	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 12:06 . 2012-02-10 06:18	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 12:06 . 2012-02-10 05:41	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 12:06 . 2012-02-10 06:17	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 12:06 . 2012-02-10 05:41	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 12:06 . 2012-02-10 06:17	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 12:06 . 2012-02-10 05:41	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-03-14 12:06 . 2012-02-10 06:17	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 12:06 . 2012-02-10 05:41	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-03-14 12:06 . 2012-02-10 06:17	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 12:06 . 2012-02-10 05:41	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-03-14 11:55 . 2012-01-25 06:20	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:55 . 2012-01-25 06:27	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 11:55 . 2012-01-25 06:27	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:54 . 2012-02-15 06:27	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 11:54 . 2012-02-15 05:44	826368	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:54 . 2012-02-15 04:47	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:54 . 2012-02-15 04:46	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 10:20 . 2012-03-13 10:20	--------	d-----w-	c:\windows\Options
2012-03-10 09:51 . 2012-03-10 09:51	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-03-10 09:51 . 2012-03-10 09:51	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-03-07 22:13 . 2012-03-12 20:06	--------	d-----w-	c:\users\Medico\AppData\Roaming\gnupg
2012-03-06 21:46 . 2012-03-06 21:46	--------	d-----w-	c:\program files (x86)\ESET
2012-03-05 19:09 . 2012-03-05 19:09	388096	----a-r-	c:\users\Gast\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-05 19:09 . 2012-03-05 19:09	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-03-05 17:07 . 2012-03-05 17:07	--------	d-----w-	c:\program files (x86)\Secure Banking
2012-03-03 17:52 . 2012-03-03 20:33	--------	d-----w-	c:\users\Gast\AppData\Local\Vidalia
2012-02-26 19:21 . 2012-02-27 13:12	--------	d-----w-	c:\users\Gast\AppData\Roaming\TrueCrypt
2012-02-26 19:20 . 2012-02-26 19:20	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2012-02-26 19:19 . 2012-02-26 19:24	--------	d-----w-	c:\program files\TrueCrypt
2012-02-26 15:40 . 2012-02-26 15:40	--------	d-----w-	c:\program files (x86)\Tools&More
2012-02-26 09:39 . 2012-02-23 16:11	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-02-24 22:53 . 2012-02-24 22:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-02-24 22:53 . 2012-02-24 22:52	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-24 21:55 . 2012-02-24 21:57	--------	d-----w-	c:\program files\Oracle
2012-02-24 21:54 . 2011-11-08 18:40	750488	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-02-24 21:54 . 2011-11-08 18:40	660368	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 19:00 . 2011-10-17 17:17	16432	----a-w-	c:\windows\system32\lsdelete.exe
2012-02-22 20:46 . 2012-02-22 20:46	61440	----a-w-	c:\windows\SysWow64\drivers\yaduktlx.sys
2012-02-21 11:31 . 2012-01-26 10:54	2135552	----a-w-	c:\windows\system32\Incinerator64.dll
2012-02-21 11:31 . 2012-01-26 10:54	2077184	----a-w-	c:\windows\SysWow64\Incinerator32.dll
2012-02-19 16:29 . 2012-02-19 16:29	--------	d-----w-	c:\program files\Recuva
2012-02-19 15:28 . 2012-02-19 15:28	--------	d-----w-	c:\users\Gast\AppData\Roaming\iolo
2012-02-19 15:03 . 2008-12-09 09:59	23464	----a-w-	c:\windows\system32\drivers\ElRawDsk.sys
2012-02-19 15:02 . 2010-09-23 12:29	511328	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-02-19 15:02 . 2011-04-04 15:38	91136	----a-w-	c:\windows\system32\IncContxMenu.dll
2012-02-19 15:02 . 2012-01-26 10:40	15360	----a-w-	c:\windows\system32\smrgdf.exe
2012-02-19 15:02 . 2012-01-26 10:41	46080	----a-w-	c:\windows\system32\iolobtdfg.exe
2012-02-19 15:01 . 2010-02-08 22:36	69000	----a-w-	c:\windows\system32\offreg.dll
2012-02-19 15:01 . 2010-02-08 21:59	56200	----a-w-	c:\windows\SysWow64\offreg.dll
2012-02-19 15:01 . 2012-02-19 15:01	--------	d-----w-	c:\program files (x86)\iolo
2012-02-19 14:55 . 2012-02-19 14:55	74703	----a-w-	c:\windows\SysWow64\mfc45.dll
2012-02-19 14:55 . 2012-02-22 19:39	--------	d-----w-	c:\programdata\iolo
2012-02-19 14:55 . 2012-02-19 15:18	--------	d-----w-	c:\users\Medico\AppData\Roaming\iolo
2012-02-16 13:40 . 2012-02-16 13:40	--------	d-----w-	c:\users\Gast\AppData\Roaming\Malwarebytes
2012-02-15 23:37 . 2012-02-15 23:37	--------	d-----w-	c:\users\Medico\AppData\Roaming\Malwarebytes
2012-02-15 23:36 . 2012-02-15 23:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-15 23:36 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-15 23:36 . 2012-02-15 23:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 22:52 . 2011-06-20 00:22	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-23 16:23 . 2010-11-24 14:06	41184	----a-w-	c:\windows\avastSS.scr
2012-02-23 16:23 . 2010-11-24 14:06	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-02-23 16:23 . 2011-01-21 17:51	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-04-11 19:32	817496	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2010-11-24 14:07	335704	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2010-11-24 14:07	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2010-11-24 14:07	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2010-11-24 14:07	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2009-11-26 21:24	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-15 09:34	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 09:34	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 09:34	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 09:34	478208	----a-w-	c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 09:33	499200	----a-w-	c:\windows\system32\drivers\afd.sys
2010-01-24 11:32 . 2010-01-24 11:32	8840816	----a-w-	c:\program files\Thunderbird Setup 3.0.1.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-08 22:14 . 95EB6A01C0A4CB9514EE30768A5379BA . 17790464 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll
[7] 2011-12-16 . A668888B8AA45E8C21A451A936B589A2 . 9019904 . . [8.00.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_8c02f34aafe34bfb\mshtml.dll
[7] 2011-12-16 . 7F821BED26D263F3853C6AAA62DF5B43 . 9335296 . . [8.00.7600.16930] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_8a236508b2b85ec2\mshtml.dll
[7] 2011-12-16 . 3B3CBA1C6F0F83ED1B869C66EA31E36E . 9019392 . . [8.00.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_8c702179c915a4f4\mshtml.dll
[7] 2011-12-16 . 0FBD1ED7A6B4F15B767A9AEF12E4C135 . 9338368 . . [8.00.7600.21108] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_8ad54c09cbb6a8b3\mshtml.dll
[-] 2012-03-08 22:14 . 95EB6A01C0A4CB9514EE30768A5379BA . 17790464 . . [------] .. c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart-Manager 2006"="c:\program files (x86)\Tools&More\Autostart-Manager\AutoStart-Manager.exe" [2005-12-23 397312]
"SecureBanking"="c:\program files (x86)\Secure Banking\v1.3\SecureBanking.exe" [2012-02-13 258048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-02-23 4031368]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GNUnet;GNUnet;c:\program files (x86)\GNU\GNUnet\bin\gnunetd.exe [2010-02-23 12288]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-26 722616]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-27 2152152]
R3 AVerAF15DMBTH64;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x]
S0 94349652;94349652 Boot Guard Driver;c:\windows\system32\DRIVERS\94349652.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 94349651;94349651;c:\windows\system32\DRIVERS\94349651.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 setup_9.0.0.722_14.04.2011_20-50drv;setup_9.0.0.722_14.04.2011_20-50drv;c:\windows\system32\DRIVERS\9434965.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 119632]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-26 722616]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 37280981
*Deregistered* - 37280981
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 21:52]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 21:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23	135408	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Medico\AppData\Roaming\Mozilla\Firefox\Profiles\pqc8ijdu.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c3,ba,2a,14,76,5c,f9,70,ba,8d,e3,ec,da,42,86,f1,ee,b4,a6,96,e2,
   5d,6f,2b,d5,09,94,30,5f,cb,a6,0c,73,52,52,62,35,f9,c6,bd,ef,bc,79,c1,69,54,\
"rkeysecu"=hex:ab,c8,d4,b3,7f,96,cb,e9,cd,19,35,13,59,9c,81,f5
.
[HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,84,85,d5,0a,f0,ff,45,80,d4,ee,5c,26,eb,be,51,1c,c7,00,c8,29,36,4a,
   cd,59,15,f3,56,f6,b1,87,34,d4,08,43,74,0b,8c,2e,c6,bc,0a,77,c9,88,c5,e0,a0,\
"??"=hex:8b,d1,ae,7c,94,b7,39,61,8e,0a,bb,ac,7b,17,5a,b8
.
[HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\SecuROM\License information*]
"datasecu"=hex:8e,5e,63,ec,72,fe,72,ed,27,20,a9,9f,94,c1,b9,fc,76,be,b0,85,f5,
   d0,55,c7,28,64,7e,99,0a,50,c4,30,2e,d7,72,e4,99,90,2c,73,62,c1,fb,f2,9d,fc,\
"rkeysecu"=hex:04,f1,cb,4d,c9,be,51,30,fe,c2,99,a0,19,6f,d9,45
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-16  21:50:32
ComboFix-quarantined-files.txt  2012-03-16 20:50
.
Vor Suchlauf: 19 Verzeichnis(se), 82.609.102.848 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 89.698.738.176 Bytes frei
.
- - End Of File - - 3B53AF93744CECA2EA182B4C60F263D4
         

17.03.2012, 14:40   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
__________________
Please always post log files in CODE tags

17.03.2012, 17:29   #26
medico

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-17 17:13:41
-----------------------------
17:13:41.226    OS Version: Windows x64 6.1.7600 
17:13:41.226    Number of processors: 2 586 0x602
17:13:41.229    ComputerName: MEDICO-PC  UserName: Medico
17:13:42.084    Initialize success
17:13:45.386    AVAST engine defs: 12031700
17:13:48.676    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
17:13:48.679    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 11
17:13:48.706    Disk 0 MBR read successfully
17:13:48.709    Disk 0 MBR scan
17:13:48.711    Disk 0 Windows VISTA default MBR code
17:13:48.726    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
17:13:48.739    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24578048
17:13:48.751    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464838 MB offset 24782848
17:13:48.796    Disk 0 scanning C:\Windows\system32\drivers
17:13:58.179    Service scanning
17:14:26.407    Modules scanning
17:14:26.414    Disk 0 trace - called modules:
17:14:26.487    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys 
17:14:26.817    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003da0060]
17:14:26.822    3 CLASSPNP.SYS[fffff8800174143f] -> nt!IofCallDriver -> [0xfffffa8003d90040]
17:14:26.829    5 amdxata.sys[fffff8800106b8b9] -> nt!IofCallDriver -> [0xfffffa8003d8c040]
17:14:26.837    7 ACPI.sys[fffff88000ef1781] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa8003d8c660]
17:14:28.157    AVAST engine scan C:\Windows
17:14:36.125    AVAST engine scan C:\Windows\system32
17:18:14.976    AVAST engine scan C:\Windows\system32\drivers
17:18:27.471    AVAST engine scan C:\Users\Medico
17:22:36.198    AVAST engine scan C:\ProgramData
17:24:51.039    Scan finished successfully
17:26:42.941    Disk 0 MBR has been saved successfully to "C:\Users\Gast\Desktop\MBR.dat"
17:26:42.948    The log file has been saved successfully to "C:\Users\Gast\Desktop\aswMBR.txt"
         

19.03.2012, 15:11   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

21.03.2012, 01:48   #28
medico

I found a virus, or rather not, because according to the system it does not exist.

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/21/2012 at 01:33 AM

Application Version : 5.0.1146

Core Rules Database Version : 8355
Trace Rules Database Version: 6167

Scan type       : Complete Scan
Total Scan Time : 01:29:56

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 585
Memory threats detected   : 0
Registry items scanned    : 72320
Registry threats detected : 0
File items scanned        : 85659
File threats detected     : 1

Adware.Tracking Cookie
	censored [ C:\USERS\GAST\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YE3VCMP6 ]
         
I have already scanned several times, and after deleting it, it kept coming back. I then went into the folder and wanted to delete the file, which did not work either.
Since the file supposedly no longer exists, I found out under Properties that this is a shell file, which worries me. I have 100% never been on that site. I censored the name because it is a sex-related name.

But since I generally do not visit such sites, I did not pick it up there either. What can I do? Google does not turn up anything for the name either.

I would reinstall my system, but I have a laptop and no backup.

21.03.2012, 02:09   #29
medico

After some research: http://www.trojaner-board.de/99715-b...chsorge-3.html
The name of the file also appears there in a log from SuperAntiSpyware.

Edited by medico (21.03.2012 at 02:14)

21.03.2012, 15:18   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That is NOT a virus but a cookie!
What about Malwarebytes?