
Pests of all kinds and how to fight them: EXP/CVE-2010-0840.FL - virus gone?


08.03.2012, 20:55   #16
ragey
 

EXP/CVE-2010-0840.FL - virus gone?



Right then. Once in normal mode:

Code:
OTL logfile created on: 08.03.2012 20:36:19 - Run 2
OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\Ragey\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,69% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 18,06 Gb Free Space | 32,37% Space Free | Partition Type: NTFS
Drive E: | 29,29 Gb Total Space | 14,63 Gb Free Space | 49,93% Space Free | Partition Type: NTFS
Drive F: | 566,88 Gb Total Space | 60,48 Gb Free Space | 10,67% Space Free | Partition Type: NTFS
Drive M: | 732,42 Gb Total Space | 173,06 Gb Free Space | 23,63% Space Free | Partition Type: NTFS
Drive S: | 199,09 Gb Total Space | 134,03 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
 
Computer Name: BANANANA | User Name: Ragey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.08 15:45:54 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.13 11:40:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 19:06:57 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.06 02:22:48 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.03.06 02:17:42 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.02.12 14:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.09.15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008.07.26 19:56:04 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Desksave\DeskSave.exe
PRC - [2007.07.18 09:19:02 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.12.08 15:50:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.11.30 18:53:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008.07.26 19:56:04 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Desksave\DeskSave.exe
MOD - [2006.06.09 19:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.02.26 21:28:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.09.13 11:40:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 19:06:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.27 12:12:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2011.02.27 12:12:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.11.15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.12 14:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.13 11:40:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.13 11:40:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.02.28 16:33:54 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.02.27 11:59:52 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.11.02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010.10.25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010.10.25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010.03.06 03:53:22 | 001,561,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.03.06 03:53:08 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.03.06 03:53:00 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.03.06 03:52:52 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.03.06 03:52:44 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.03.06 03:52:36 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.03.06 03:52:26 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.03.06 03:52:16 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.03.06 03:52:16 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.03.06 03:52:06 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.03.06 03:52:06 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.03.06 03:51:58 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.03.06 03:51:58 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.05.20 10:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 8B BE B6 17 B8 CC 01  [binary data]
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.05 11:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.08 21:43:13 | 000,000,000 | ---D | M]
 
[2011.02.27 12:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ragey\AppData\Roaming\mozilla\Extensions
[2012.03.05 11:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ragey\AppData\Roaming\mozilla\Firefox\Profiles\f66f7kgp.default\extensions
[2011.03.09 11:06:05 | 000,001,180 | ---- | M] () -- C:\Users\Ragey\AppData\Roaming\Mozilla\Firefox\Profiles\f66f7kgp.default\searchplugins\urban-dictionary.xml
[2012.03.05 11:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\RAGEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F66F7KGP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RAGEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F66F7KGP.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012.03.05 11:37:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.27 16:57:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.05 11:37:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.05 11:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.05 11:37:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.05 11:37:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.05 11:37:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.05 11:37:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.28 16:29:20 | 000,001,163 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001..\Run: [7 Taskbar Tweaker] C:\Program Files\Taskbar Tweaker\7 Taskbar Tweaker x64.exe ()
O4 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001..\Run: [DeskSave] C:\Program Files (x86)\Desksave\DeskSave.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{233C1A0D-6BF9-4BBE-8E72-BA6E811792E4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4D7CB59-27AE-47B1-B48D-DDA81DBB2813}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell - "" = AutoRun
O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.08 15:45:54 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe
[2012.03.08 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.06 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\Malwarebytes
[2012.03.06 19:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.06 19:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.06 19:09:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.06 19:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.06 19:08:59 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ragey\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.05 21:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.05 21:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.05 21:35:07 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Ragey\Desktop\ccsetup316.exe
[2012.03.05 11:24:15 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Ragey\Desktop\procexp.exe
[2012.03.05 11:24:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ragey\Desktop\HiJackThis204.exe
[2012.03.04 22:02:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.04 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\TeamViewer
[2012.03.04 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\Opera
[2012.03.03 11:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ragey\AppData\Roaming\BigHugeEngine
[2012.02.28 12:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012.02.25 13:31:59 | 000,000,000 | ---D | C] -- C:\Users\Ragey\Desktop\MusikG
[2012.02.18 15:59:25 | 000,000,000 | ---D | C] -- C:\BDS
[2012.02.12 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\Ragey\Desktop\120210_Testkali
[2012.02.12 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Ragey\Desktop\KalibrierSerieFertig2 - Kopie
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.08 19:58:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 19:58:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 19:57:14 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.08 19:57:14 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.08 19:57:14 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.08 19:57:14 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.08 19:57:14 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.08 19:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.08 19:50:11 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.08 15:45:54 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ragey\Desktop\OTL.exe
[2012.03.07 20:50:16 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.03.07 20:50:16 | 000,063,172 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.03.07 20:50:16 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2012.03.06 19:09:40 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.06 19:09:05 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ragey\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.06 18:15:51 | 004,989,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.05 21:35:39 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.05 20:53:35 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Ragey\Desktop\ccsetup316.exe
[2012.03.05 11:35:24 | 000,236,732 | ---- | M] () -- C:\Users\Ragey\Desktop\bookmarks-2012-03-05.json
[2012.03.05 11:15:07 | 001,857,786 | ---- | M] () -- C:\Users\Ragey\Desktop\Process1513Explorer.zip
[2012.03.05 11:10:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ragey\Desktop\HiJackThis204.exe
[2012.03.04 21:51:53 | 000,632,600 | ---- | M] () -- C:\Users\Ragey\Desktop\Unbenannt.png
[2012.03.04 21:48:33 | 000,048,623 | ---- | M] () -- C:\Users\Ragey\Desktop\md5check.zip
[2012.03.01 19:06:41 | 000,057,023 | ---- | M] () -- C:\Users\Ragey\Desktop\9d9e83ad-8fbf-426b-9d9f-2384c40c3fbd.jpg
[2012.02.23 10:18:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.02.23 10:18:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.19 17:12:59 | 000,001,094 | ---- | M] () -- C:\Users\Ragey\Desktop\***** ** **** *.lnk
[2012.02.14 13:10:12 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Ragey\Desktop\procexp.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.08 12:08:41 | 000,002,090 | ---- | C] () -- C:\Users\Ragey\Desktop\AntiVir starten.lnk
[2012.03.06 19:09:40 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.06 18:15:38 | 004,989,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.05 21:35:39 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.05 11:35:24 | 000,236,732 | ---- | C] () -- C:\Users\Ragey\Desktop\bookmarks-2012-03-05.json
[2012.03.05 11:24:15 | 000,072,268 | ---- | C] () -- C:\Users\Ragey\Desktop\procexp.chm
[2012.03.05 11:24:05 | 001,857,786 | ---- | C] () -- C:\Users\Ragey\Desktop\Process1513Explorer.zip
[2012.03.05 11:24:05 | 000,048,623 | ---- | C] () -- C:\Users\Ragey\Desktop\md5check.zip
[2012.03.04 21:51:52 | 000,632,600 | ---- | C] () -- C:\Users\Ragey\Desktop\Unbenannt.png
[2012.03.01 19:06:41 | 000,057,023 | ---- | C] () -- C:\Users\Ragey\Desktop\9d9e83ad-8fbf-426b-9d9f-2384c40c3fbd.jpg
[2012.02.23 10:18:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.02.23 10:18:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.19 17:12:59 | 000,001,094 | ---- | C] () -- C:\Users\Ragey\Desktop\***** ** **** *.lnk
[2012.01.29 13:30:58 | 000,000,132 | ---- | C] () -- C:\Users\Ragey\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.30 12:37:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2011.05.23 11:39:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.05.20 17:51:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.16 13:56:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.04 12:29:55 | 000,007,597 | ---- | C] () -- C:\Users\Ragey\AppData\Local\Resmon.ResmonCfg
[2011.03.03 13:58:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\String Ensemble
[2011.03.03 13:58:14 | 000,000,268 | RH-- | C] () -- C:\Users\Ragey\AppData\Roaming\Static Library
[2011.03.03 13:58:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.02.28 18:55:40 | 000,000,132 | ---- | C] () -- C:\Users\Ragey\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.02.27 22:16:50 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.27 22:16:50 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.27 22:16:49 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.02.27 22:16:49 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.02.27 12:13:05 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.02.27 12:13:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.02.27 12:12:48 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011.02.27 12:12:48 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011.02.27 12:12:48 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011.02.27 12:12:48 | 000,021,164 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011.02.27 12:12:48 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011.02.27 12:12:48 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011.02.27 12:12:48 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2011.02.27 12:12:48 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2011.02.27 12:12:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011.02.27 12:12:38 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2011.02.27 11:55:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== LOP Check ==========
 
[2012.03.03 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\BigHugeEngine
[2011.03.03 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Canneverbe Limited
[2011.12.05 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Cinebook
[2012.03.05 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DAEMON Tools Lite
[2011.09.14 12:36:36 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DelinvFile
[2012.02.15 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Dropbox
[2011.03.03 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Nikon
[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Opera
[2011.09.11 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\runic games
[2011.12.11 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\SaalDesignSoftware
[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\TeamViewer
[2012.01.28 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Trine2
[2012.02.07 16:45:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.06 17:28:21 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Adobe
[2011.03.01 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Avira
[2012.03.03 11:18:03 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\BigHugeEngine
[2011.03.03 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Canneverbe Limited
[2011.12.05 16:07:38 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Cinebook
[2012.03.05 21:41:19 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DAEMON Tools Lite
[2011.09.14 12:36:36 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\DelinvFile
[2012.02.15 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Dropbox
[2011.09.18 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\dvdcss
[2011.03.03 16:35:01 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\FastStone
[2012.03.04 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Identities
[2011.02.27 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\InstallShield
[2011.02.28 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Macromedia
[2012.03.06 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Media Center Programs
[2011.07.07 17:00:17 | 000,000,000 | --SD | M] -- C:\Users\Ragey\AppData\Roaming\Microsoft
[2011.02.27 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Mozilla
[2011.03.03 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Nikon
[2011.10.19 12:47:08 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\NVIDIA
[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Opera
[2011.09.11 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\runic games
[2011.12.11 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\SaalDesignSoftware
[2012.03.04 21:34:11 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\TeamViewer
[2012.01.28 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Trine2
[2012.02.12 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\vlc
[2012.03.05 21:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\Winamp
[2011.02.27 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\WinRAR
[2011.02.28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Ragey\AppData\Roaming\WTablet
 
< %APPDATA%\*.exe /s >
[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ragey\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 20:17:50 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ragey\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.12.05 16:06:29 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ragey\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.05.30 12:37:48 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Ragey\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

08.03.2012, 22:39   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also disable the antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 8B BE B6 17 B8 CC 01  [binary data]
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell - "" = AutoRun
O33 - MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\Shell\AutoRun\command - "" = G:\Setup.exe
:Files
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Last edited by cosinus (08.03.2012 at 23:30) Reason: Added the ESET find to the script as well

08.03.2012, 23:21   #18
ragey

Is it enough if the Antivir Guard is disabled, or must no instance of Antivir be running at all?
And the ESET find, do I still need to delete anything separately for that? Sorry if I'm asking premature questions :/
Unfortunately I have to wrap up for tonight, work calls early tomorrow morning. I'll continue from here tomorrow afternoon.
But thanks a lot already for the time you spared today. Good night!

08.03.2012, 23:31   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, that's fine as it is, I've added the ESET find to the script. It's enough if you disable AntiVir.

Please always post logfiles in CODE tags

09.03.2012, 07:28   #20
ragey

Morning! Just ran it quickly:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3710166084-3430410099-517378891-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3710166084-3430410099-517378891-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b6b17a-4332-11e0-953f-0018f344c960}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b6b17a-4332-11e0-953f-0018f344c960}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b6b17a-4332-11e0-953f-0018f344c960}\ not found.
File G:\Setup.exe not found.
========== FILES ==========
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Ragey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Ragey
->Temp folder emptied: 109568 bytes
->Temporary Internet Files folder emptied: 824648 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49450407 bytes
->Flash cache emptied: 56967 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 512000 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 508928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356772 bytes
RecycleBin emptied: 4644368 bytes
 
Total Files Cleaned = 98,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.1 log created on 03092012_072804

Files\Folders moved on Reboot...
C:\Users\Ragey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ragey\AppData\Local\Temp\stt471D.tmp not found!

Registry entries deleted on Reboot...
         


09.03.2012, 09:38   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the antivirus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C); that's where TDSS-Killer stores its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!




If, because of the infection, you can't access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (Could take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

09.03.2012, 16:52   #22
ragey

Okay, back at the PC and scanned with TDSS-Killer: it didn't flag anything.

Edit: I hadn't run the first scan as admin, but the result didn't change
Code:
16:55:16.0325 3792	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
16:55:16.0435 3792	============================================================
16:55:16.0435 3792	Current date / time: 2012/03/09 16:55:16.0435
16:55:16.0435 3792	SystemInfo:
16:55:16.0435 3792	
16:55:16.0435 3792	OS Version: 6.1.7600 ServicePack: 0.0
16:55:16.0435 3792	Product type: Workstation
16:55:16.0435 3792	ComputerName: BANANANA
16:55:16.0435 3792	UserName: Ragey
16:55:16.0435 3792	Windows directory: C:\Windows
16:55:16.0435 3792	System windows directory: C:\Windows
16:55:16.0435 3792	Running under WOW64
16:55:16.0435 3792	Processor architecture: Intel x64
16:55:16.0435 3792	Number of processors: 4
16:55:16.0435 3792	Page size: 0x1000
16:55:16.0435 3792	Boot type: Normal boot
16:55:16.0435 3792	============================================================
16:55:16.0653 3792	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:16.0653 3792	Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x6B98, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:55:16.0653 3792	Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:16.0669 3792	\Device\Harddisk0\DR0:
16:55:16.0669 3792	MBR used
16:55:16.0669 3792	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x46DC0B92
16:55:16.0669 3792	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x46DC0BD1, BlocksNum 0x3A962F0
16:55:16.0669 3792	\Device\Harddisk1\DR1:
16:55:16.0669 3792	MBR used
16:55:16.0669 3792	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
16:55:16.0669 3792	\Device\Harddisk2\DR2:
16:55:16.0669 3792	MBR used
16:55:16.0669 3792	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x18E2D800
16:55:16.0669 3792	\Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x18E2E000, BlocksNum 0x5B8D7800
16:55:16.0715 3792	Initialize success
16:55:16.0715 3792	============================================================
16:55:21.0645 3632	============================================================
16:55:21.0645 3632	Scan started
16:55:21.0645 3632	Mode: Manual; SigCheck; TDLFS; 
16:55:21.0645 3632	============================================================
16:55:21.0801 3632	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:55:21.0832 3632	1394ohci - ok
16:55:21.0863 3632	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:55:21.0879 3632	ACPI - ok
16:55:21.0895 3632	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:55:21.0910 3632	AcpiPmi - ok
16:55:21.0926 3632	ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys
16:55:21.0941 3632	ADIHdAudAddService - ok
16:55:21.0957 3632	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:55:21.0973 3632	adp94xx - ok
16:55:21.0988 3632	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:55:22.0004 3632	adpahci - ok
16:55:22.0019 3632	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:55:22.0035 3632	adpu320 - ok
16:55:22.0066 3632	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
16:55:22.0082 3632	AFD - ok
16:55:22.0097 3632	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:55:22.0113 3632	agp440 - ok
16:55:22.0129 3632	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:55:22.0129 3632	aliide - ok
16:55:22.0144 3632	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:55:22.0160 3632	amdide - ok
16:55:22.0175 3632	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:55:22.0175 3632	AmdK8 - ok
16:55:22.0191 3632	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:55:22.0207 3632	AmdPPM - ok
16:55:22.0222 3632	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:55:22.0238 3632	amdsata - ok
16:55:22.0253 3632	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:55:22.0269 3632	amdsbs - ok
16:55:22.0285 3632	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:55:22.0285 3632	amdxata - ok
16:55:22.0300 3632	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:55:22.0316 3632	AppID - ok
16:55:22.0347 3632	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:55:22.0347 3632	arc - ok
16:55:22.0363 3632	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:55:22.0378 3632	arcsas - ok
16:55:22.0378 3632	AsIO - ok
16:55:22.0394 3632	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:55:22.0425 3632	AsyncMac - ok
16:55:22.0441 3632	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:55:22.0456 3632	atapi - ok
16:55:22.0472 3632	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
16:55:22.0487 3632	avgntflt - ok
16:55:22.0503 3632	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
16:55:22.0503 3632	avipbb - ok
16:55:22.0534 3632	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:55:22.0550 3632	b06bdrv - ok
16:55:22.0565 3632	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:55:22.0581 3632	b57nd60a - ok
16:55:22.0597 3632	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:55:22.0628 3632	Beep - ok
16:55:22.0643 3632	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:55:22.0659 3632	blbdrive - ok
16:55:22.0675 3632	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:55:22.0690 3632	bowser - ok
16:55:22.0706 3632	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:55:22.0721 3632	BrFiltLo - ok
16:55:22.0721 3632	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:55:22.0737 3632	BrFiltUp - ok
16:55:22.0768 3632	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:55:22.0768 3632	Brserid - ok
16:55:22.0784 3632	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:55:22.0799 3632	BrSerWdm - ok
16:55:22.0815 3632	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:55:22.0831 3632	BrUsbMdm - ok
16:55:22.0846 3632	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:55:22.0862 3632	BrUsbSer - ok
16:55:22.0877 3632	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:55:22.0893 3632	BTHMODEM - ok
16:55:22.0909 3632	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:55:22.0940 3632	cdfs - ok
16:55:22.0955 3632	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:55:22.0971 3632	cdrom - ok
16:55:22.0987 3632	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:55:23.0002 3632	circlass - ok
16:55:23.0018 3632	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:55:23.0033 3632	CLFS - ok
16:55:23.0049 3632	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:55:23.0065 3632	CmBatt - ok
16:55:23.0080 3632	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:55:23.0080 3632	cmdide - ok
16:55:23.0111 3632	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
16:55:23.0127 3632	CNG - ok
16:55:23.0143 3632	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:55:23.0143 3632	Compbatt - ok
16:55:23.0158 3632	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:55:23.0174 3632	CompositeBus - ok
16:55:23.0189 3632	cpuz130 - ok
16:55:23.0205 3632	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:55:23.0205 3632	crcdisk - ok
16:55:23.0236 3632	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
16:55:23.0252 3632	CSC - ok
16:55:23.0267 3632	CT20XUT         (0c87302db0f22d7be38be41c86551d26) C:\Windows\system32\drivers\CT20XUT.SYS
16:55:23.0283 3632	CT20XUT - ok
16:55:23.0299 3632	CT20XUT.SYS     (0c87302db0f22d7be38be41c86551d26) C:\Windows\System32\drivers\CT20XUT.SYS
16:55:23.0314 3632	CT20XUT.SYS - ok
16:55:23.0330 3632	ctac32k         (a2608d16bc13d6e7edf5d802b4991700) C:\Windows\system32\drivers\ctac32k.sys
16:55:23.0345 3632	ctac32k - ok
16:55:23.0377 3632	ctaud2k         (0316ef9a21f59614fc95f38b3c1d7426) C:\Windows\system32\drivers\ctaud2k.sys
16:55:23.0392 3632	ctaud2k - ok
16:55:23.0423 3632	CTEXFIFX        (1b13dd29d40ba2ca15d8b6dc5988be05) C:\Windows\system32\drivers\CTEXFIFX.SYS
16:55:23.0439 3632	CTEXFIFX - ok
16:55:23.0486 3632	CTEXFIFX.SYS    (1b13dd29d40ba2ca15d8b6dc5988be05) C:\Windows\System32\drivers\CTEXFIFX.SYS
16:55:23.0501 3632	CTEXFIFX.SYS - ok
16:55:23.0517 3632	CTHWIUT         (0e336585373a7fd8e4cf8c1daa3848ec) C:\Windows\system32\drivers\CTHWIUT.SYS
16:55:23.0533 3632	CTHWIUT - ok
16:55:23.0548 3632	CTHWIUT.SYS     (0e336585373a7fd8e4cf8c1daa3848ec) C:\Windows\System32\drivers\CTHWIUT.SYS
16:55:23.0548 3632	CTHWIUT.SYS - ok
16:55:23.0564 3632	ctprxy2k        (123637593035dc8f379f8c8940a3eaf4) C:\Windows\system32\drivers\ctprxy2k.sys
16:55:23.0579 3632	ctprxy2k - ok
16:55:23.0595 3632	ctsfm2k         (a0f9d7b87d3589e21abba956548fa574) C:\Windows\system32\drivers\ctsfm2k.sys
16:55:23.0595 3632	ctsfm2k - ok
16:55:23.0626 3632	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:55:23.0626 3632	DfsC - ok
16:55:23.0642 3632	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:55:23.0673 3632	discache - ok
16:55:23.0689 3632	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:55:23.0704 3632	Disk - ok
16:55:23.0720 3632	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:55:23.0735 3632	Dot4 - ok
16:55:23.0751 3632	Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:55:23.0767 3632	Dot4Print - ok
16:55:23.0782 3632	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:55:23.0798 3632	dot4usb - ok
16:55:23.0813 3632	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:55:23.0829 3632	drmkaud - ok
16:55:23.0845 3632	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:55:23.0860 3632	dtsoftbus01 - ok
16:55:23.0876 3632	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
16:55:23.0907 3632	DXGKrnl - ok
16:55:23.0969 3632	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:55:24.0016 3632	ebdrv - ok
16:55:24.0032 3632	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:55:24.0063 3632	elxstor - ok
16:55:24.0079 3632	emupia          (f525c6f6ff32744575c76d06606c8466) C:\Windows\system32\drivers\emupia2k.sys
16:55:24.0079 3632	emupia - ok
16:55:24.0094 3632	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:55:24.0110 3632	ErrDev - ok
16:55:24.0125 3632	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:55:24.0157 3632	exfat - ok
16:55:24.0172 3632	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:55:24.0203 3632	fastfat - ok
16:55:24.0219 3632	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:55:24.0235 3632	fdc - ok
16:55:24.0250 3632	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:55:24.0266 3632	FileInfo - ok
16:55:24.0281 3632	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:55:24.0313 3632	Filetrace - ok
16:55:24.0328 3632	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:55:24.0344 3632	flpydisk - ok
16:55:24.0359 3632	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:55:24.0375 3632	FltMgr - ok
16:55:24.0391 3632	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:55:24.0406 3632	FsDepends - ok
16:55:24.0406 3632	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:55:24.0422 3632	Fs_Rec - ok
16:55:24.0437 3632	fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:55:24.0453 3632	fvevol - ok
16:55:24.0469 3632	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:55:24.0484 3632	gagp30kx - ok
16:55:24.0515 3632	ha20x2k         (52c2aa23c3931f699d647c80cb5c6ed5) C:\Windows\system32\drivers\ha20x2k.sys
16:55:24.0547 3632	ha20x2k - ok
16:55:24.0578 3632	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:55:24.0578 3632	hcw85cir - ok
16:55:24.0609 3632	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:55:24.0625 3632	HdAudAddService - ok
16:55:24.0640 3632	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:55:24.0656 3632	HDAudBus - ok
16:55:24.0671 3632	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:55:24.0671 3632	HidBatt - ok
16:55:24.0687 3632	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:55:24.0703 3632	HidBth - ok
16:55:24.0718 3632	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:55:24.0734 3632	HidIr - ok
16:55:24.0749 3632	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:55:24.0765 3632	HidUsb - ok
16:55:24.0781 3632	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:55:24.0796 3632	HpSAMD - ok
16:55:24.0827 3632	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:55:24.0859 3632	HTTP - ok
16:55:24.0874 3632	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:55:24.0890 3632	hwpolicy - ok
16:55:24.0905 3632	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:55:24.0905 3632	i8042prt - ok
16:55:24.0937 3632	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:55:24.0952 3632	iaStorV - ok
16:55:24.0968 3632	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:55:24.0968 3632	iirsp - ok
16:55:24.0999 3632	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:55:24.0999 3632	intelide - ok
16:55:25.0015 3632	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:55:25.0030 3632	intelppm - ok
16:55:25.0046 3632	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:55:25.0077 3632	IpFilterDriver - ok
16:55:25.0093 3632	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:55:25.0108 3632	IPMIDRV - ok
16:55:25.0124 3632	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:55:25.0155 3632	IPNAT - ok
16:55:25.0171 3632	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:55:25.0186 3632	IRENUM - ok
16:55:25.0202 3632	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:55:25.0217 3632	isapnp - ok
16:55:25.0233 3632	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:55:25.0249 3632	iScsiPrt - ok
16:55:25.0264 3632	JRAID           (2224abc439d115a44edb5630a92c1d7e) C:\Windows\system32\DRIVERS\jraid.sys
16:55:25.0264 3632	JRAID - ok
16:55:25.0280 3632	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:55:25.0295 3632	kbdclass - ok
16:55:25.0311 3632	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:55:25.0311 3632	kbdhid - ok
16:55:25.0327 3632	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
16:55:25.0342 3632	KSecDD - ok
16:55:25.0358 3632	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
16:55:25.0373 3632	KSecPkg - ok
16:55:25.0389 3632	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:55:25.0420 3632	ksthunk - ok
16:55:25.0436 3632	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:55:25.0467 3632	lltdio - ok
16:55:25.0498 3632	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:55:25.0498 3632	LSI_FC - ok
16:55:25.0514 3632	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:55:25.0529 3632	LSI_SAS - ok
16:55:25.0545 3632	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:55:25.0561 3632	LSI_SAS2 - ok
16:55:25.0576 3632	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:55:25.0576 3632	LSI_SCSI - ok
16:55:25.0592 3632	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:55:25.0639 3632	luafv - ok
16:55:25.0654 3632	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:55:25.0654 3632	megasas - ok
16:55:25.0670 3632	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:55:25.0685 3632	MegaSR - ok
16:55:25.0701 3632	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:55:25.0748 3632	Modem - ok
16:55:25.0748 3632	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:55:25.0763 3632	monitor - ok
16:55:25.0779 3632	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:55:25.0795 3632	mouclass - ok
16:55:25.0810 3632	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:55:25.0826 3632	mouhid - ok
16:55:25.0841 3632	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:55:25.0857 3632	mountmgr - ok
16:55:25.0873 3632	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:55:25.0873 3632	mpio - ok
16:55:25.0888 3632	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:55:25.0919 3632	mpsdrv - ok
16:55:25.0951 3632	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:55:25.0966 3632	MRxDAV - ok
16:55:25.0982 3632	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:55:25.0982 3632	mrxsmb - ok
16:55:26.0013 3632	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:55:26.0013 3632	mrxsmb10 - ok
16:55:26.0044 3632	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:55:26.0044 3632	mrxsmb20 - ok
16:55:26.0060 3632	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:55:26.0075 3632	msahci - ok
16:55:26.0091 3632	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:55:26.0107 3632	msdsm - ok
16:55:26.0122 3632	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:55:26.0153 3632	Msfs - ok
16:55:26.0169 3632	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:55:26.0200 3632	mshidkmdf - ok
16:55:26.0216 3632	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:55:26.0216 3632	msisadrv - ok
16:55:26.0231 3632	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:55:26.0278 3632	MSKSSRV - ok
16:55:26.0278 3632	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:55:26.0309 3632	MSPCLOCK - ok
16:55:26.0325 3632	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:55:26.0356 3632	MSPQM - ok
16:55:26.0387 3632	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:55:26.0403 3632	MsRPC - ok
16:55:26.0419 3632	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:55:26.0419 3632	mssmbios - ok
16:55:26.0434 3632	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:55:26.0465 3632	MSTEE - ok
16:55:26.0481 3632	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:55:26.0497 3632	MTConfig - ok
16:55:26.0512 3632	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
16:55:26.0512 3632	MTsensor - ok
16:55:26.0528 3632	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:55:26.0543 3632	Mup - ok
16:55:26.0559 3632	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:55:26.0575 3632	NativeWifiP - ok
16:55:26.0606 3632	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:55:26.0637 3632	NDIS - ok
16:55:26.0653 3632	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:55:26.0684 3632	NdisCap - ok
16:55:26.0699 3632	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:55:26.0731 3632	NdisTapi - ok
16:55:26.0746 3632	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:55:26.0777 3632	Ndisuio - ok
16:55:26.0793 3632	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:55:26.0840 3632	NdisWan - ok
16:55:26.0840 3632	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:55:26.0887 3632	NDProxy - ok
16:55:26.0902 3632	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:55:26.0933 3632	NetBIOS - ok
16:55:26.0949 3632	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:55:26.0980 3632	NetBT - ok
16:55:26.0996 3632	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:55:27.0011 3632	nfrd960 - ok
16:55:27.0043 3632	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:55:27.0074 3632	Npfs - ok
16:55:27.0089 3632	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:55:27.0121 3632	nsiproxy - ok
16:55:27.0152 3632	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:55:27.0183 3632	Ntfs - ok
16:55:27.0199 3632	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:55:27.0230 3632	Null - ok
16:55:27.0261 3632	NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
16:55:27.0261 3632	NVHDA - ok
16:55:27.0495 3632	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:55:27.0667 3632	nvlddmkm - ok
16:55:27.0682 3632	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:55:27.0698 3632	nvraid - ok
16:55:27.0713 3632	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:55:27.0729 3632	nvstor - ok
16:55:27.0745 3632	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:55:27.0760 3632	nv_agp - ok
16:55:27.0776 3632	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:55:27.0791 3632	ohci1394 - ok
16:55:27.0807 3632	ossrv           (63a9d079b05207203707a909464a78fd) C:\Windows\system32\drivers\ctoss2k.sys
16:55:27.0807 3632	ossrv - ok
16:55:27.0838 3632	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:55:27.0838 3632	Parport - ok
16:55:27.0854 3632	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:55:27.0869 3632	partmgr - ok
16:55:27.0885 3632	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:55:27.0901 3632	pci - ok
16:55:27.0916 3632	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:55:27.0932 3632	pciide - ok
16:55:27.0947 3632	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:55:27.0947 3632	pcmcia - ok
16:55:27.0963 3632	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:55:27.0979 3632	pcw - ok
16:55:28.0010 3632	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:55:28.0041 3632	PEAUTH - ok
16:55:28.0088 3632	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:55:28.0119 3632	PptpMiniport - ok
16:55:28.0135 3632	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:55:28.0150 3632	Processor - ok
16:55:28.0166 3632	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:55:28.0197 3632	Psched - ok
16:55:28.0228 3632	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:55:28.0259 3632	ql2300 - ok
16:55:28.0275 3632	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:55:28.0291 3632	ql40xx - ok
16:55:28.0306 3632	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:55:28.0322 3632	QWAVEdrv - ok
16:55:28.0337 3632	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:55:28.0369 3632	RasAcd - ok
16:55:28.0384 3632	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:55:28.0415 3632	RasAgileVpn - ok
16:55:28.0431 3632	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:55:28.0462 3632	Rasl2tp - ok
16:55:28.0478 3632	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:55:28.0525 3632	RasPppoe - ok
16:55:28.0540 3632	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:55:28.0571 3632	RasSstp - ok
16:55:28.0587 3632	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:55:28.0618 3632	rdbss - ok
16:55:28.0634 3632	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:55:28.0649 3632	rdpbus - ok
16:55:28.0665 3632	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:55:28.0696 3632	RDPCDD - ok
16:55:28.0712 3632	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
16:55:28.0727 3632	RDPDR - ok
16:55:28.0743 3632	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:55:28.0774 3632	RDPENCDD - ok
16:55:28.0790 3632	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:55:28.0821 3632	RDPREFMP - ok
16:55:28.0837 3632	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:55:28.0868 3632	RDPWD - ok
16:55:28.0899 3632	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:55:28.0899 3632	rdyboost - ok
16:55:28.0930 3632	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:55:28.0961 3632	rspndr - ok
16:55:28.0977 3632	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
16:55:28.0993 3632	s3cap - ok
16:55:29.0008 3632	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:55:29.0008 3632	sbp2port - ok
16:55:29.0039 3632	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:55:29.0071 3632	scfilter - ok
16:55:29.0086 3632	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:55:29.0117 3632	secdrv - ok
16:55:29.0133 3632	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:55:29.0149 3632	Serenum - ok
16:55:29.0164 3632	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:55:29.0180 3632	Serial - ok
16:55:29.0195 3632	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:55:29.0195 3632	sermouse - ok
16:55:29.0227 3632	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:55:29.0242 3632	sffdisk - ok
16:55:29.0258 3632	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:55:29.0273 3632	sffp_mmc - ok
16:55:29.0289 3632	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:55:29.0289 3632	sffp_sd - ok
16:55:29.0305 3632	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:55:29.0320 3632	sfloppy - ok
16:55:29.0336 3632	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:55:29.0351 3632	SiSRaid2 - ok
16:55:29.0367 3632	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:55:29.0383 3632	SiSRaid4 - ok
16:55:29.0398 3632	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:55:29.0429 3632	Smb - ok
16:55:29.0445 3632	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:55:29.0461 3632	spldr - ok
16:55:29.0476 3632	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:55:29.0492 3632	srv - ok
16:55:29.0523 3632	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:55:29.0523 3632	srv2 - ok
16:55:29.0554 3632	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:55:29.0554 3632	srvnet - ok
16:55:29.0632 3632	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:55:29.0632 3632	stexstor - ok
16:55:29.0648 3632	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:55:29.0663 3632	storflt - ok
16:55:29.0679 3632	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
16:55:29.0695 3632	storvsc - ok
16:55:29.0710 3632	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:55:29.0710 3632	swenum - ok
16:55:29.0773 3632	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
16:55:29.0804 3632	Tcpip - ok
16:55:29.0851 3632	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
16:55:29.0882 3632	TCPIP6 - ok
16:55:29.0897 3632	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:55:29.0929 3632	tcpipreg - ok
16:55:29.0944 3632	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:55:29.0976 3632	TDPIPE - ok
16:55:29.0991 3632	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:55:30.0022 3632	TDTCP - ok
16:55:30.0038 3632	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:55:30.0069 3632	tdx - ok
16:55:30.0085 3632	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:55:30.0100 3632	TermDD - ok
16:55:30.0132 3632	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:55:30.0163 3632	tssecsrv - ok
16:55:30.0178 3632	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:55:30.0210 3632	tunnel - ok
16:55:30.0225 3632	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:55:30.0241 3632	uagp35 - ok
16:55:30.0256 3632	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:55:30.0288 3632	udfs - ok
16:55:30.0303 3632	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:55:30.0319 3632	uliagpkx - ok
16:55:30.0334 3632	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:55:30.0350 3632	umbus - ok
16:55:30.0366 3632	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:55:30.0366 3632	UmPass - ok
16:55:30.0397 3632	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:55:30.0412 3632	usbccgp - ok
16:55:30.0428 3632	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:55:30.0444 3632	usbcir - ok
16:55:30.0459 3632	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
16:55:30.0459 3632	usbehci - ok
16:55:30.0490 3632	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:55:30.0506 3632	usbhub - ok
16:55:30.0522 3632	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:55:30.0522 3632	usbohci - ok
16:55:30.0537 3632	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:55:30.0553 3632	usbprint - ok
16:55:30.0568 3632	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:55:30.0584 3632	USBSTOR - ok
16:55:30.0600 3632	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:55:30.0615 3632	usbuhci - ok
16:55:30.0631 3632	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:55:30.0646 3632	vdrvroot - ok
16:55:30.0662 3632	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:55:30.0678 3632	vga - ok
16:55:30.0693 3632	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:55:30.0724 3632	VgaSave - ok
16:55:30.0740 3632	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:55:30.0756 3632	vhdmp - ok
16:55:30.0771 3632	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:55:30.0771 3632	viaide - ok
16:55:30.0787 3632	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
16:55:30.0802 3632	vmbus - ok
16:55:30.0818 3632	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:55:30.0834 3632	VMBusHID - ok
16:55:30.0849 3632	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:55:30.0865 3632	volmgr - ok
16:55:30.0880 3632	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:55:30.0896 3632	volmgrx - ok
16:55:30.0912 3632	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:55:30.0927 3632	volsnap - ok
16:55:30.0943 3632	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:55:30.0958 3632	vsmraid - ok
16:55:30.0974 3632	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:55:30.0990 3632	vwifibus - ok
16:55:31.0005 3632	wacmoumonitor   (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
16:55:31.0005 3632	wacmoumonitor - ok
16:55:31.0021 3632	wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
16:55:31.0036 3632	wacommousefilter - ok
16:55:31.0052 3632	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:55:31.0068 3632	WacomPen - ok
16:55:31.0083 3632	wacomvhid       (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
16:55:31.0083 3632	wacomvhid - ok
16:55:31.0099 3632	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:55:31.0130 3632	WANARP - ok
16:55:31.0130 3632	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:55:31.0177 3632	Wanarpv6 - ok
16:55:31.0192 3632	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:55:31.0208 3632	Wd - ok
16:55:31.0224 3632	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:55:31.0239 3632	Wdf01000 - ok
16:55:31.0270 3632	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:55:31.0302 3632	WfpLwf - ok
16:55:31.0317 3632	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:55:31.0333 3632	WIMMount - ok
16:55:31.0348 3632	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:55:31.0364 3632	WinUsb - ok
16:55:31.0380 3632	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:55:31.0395 3632	WmiAcpi - ok
16:55:31.0411 3632	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:55:31.0458 3632	ws2ifsl - ok
16:55:31.0473 3632	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:55:31.0504 3632	WudfPf - ok
16:55:31.0520 3632	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:55:31.0551 3632	WUDFRd - ok
16:55:31.0582 3632	xusb21          (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
16:55:31.0582 3632	xusb21 - ok
16:55:31.0614 3632	yukonw7         (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
16:55:31.0629 3632	yukonw7 - ok
16:55:31.0645 3632	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:55:31.0879 3632	\Device\Harddisk0\DR0 - ok
16:55:31.0894 3632	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:55:31.0894 3632	\Device\Harddisk1\DR1 - ok
16:55:31.0910 3632	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
16:55:31.0926 3632	\Device\Harddisk2\DR2 - ok
16:55:31.0926 3632	Boot (0x1200)   (c13ed3b4511fc10a77701f764ac8a026) \Device\Harddisk0\DR0\Partition0
16:55:31.0926 3632	\Device\Harddisk0\DR0\Partition0 - ok
16:55:31.0926 3632	Boot (0x1200)   (9f992983f44b7ca6d4517e889a5c4ea0) \Device\Harddisk0\DR0\Partition1
16:55:31.0926 3632	\Device\Harddisk0\DR0\Partition1 - ok
16:55:31.0926 3632	Boot (0x1200)   (05a1eae14d318a9e7d04794c619e2a85) \Device\Harddisk1\DR1\Partition0
16:55:31.0926 3632	\Device\Harddisk1\DR1\Partition0 - ok
16:55:31.0941 3632	Boot (0x1200)   (6b1f90927ebc05fa4cae6e31425f729e) \Device\Harddisk2\DR2\Partition0
16:55:31.0941 3632	\Device\Harddisk2\DR2\Partition0 - ok
16:55:31.0941 3632	Boot (0x1200)   (4bfbfd69fa607019c75dfced8f7dc624) \Device\Harddisk2\DR2\Partition1
16:55:31.0941 3632	\Device\Harddisk2\DR2\Partition1 - ok
16:55:31.0941 3632	============================================================
16:55:31.0941 3632	Scan finished
16:55:31.0941 3632	============================================================
16:55:31.0941 3928	Detected object count: 0
16:55:31.0941 3928	Actual detected object count: 0
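
A TDSSKiller log like the one above is only reassuring if every object line is followed by an "- ok" verdict and the final "Detected object count" is 0, and checking several hundred lines by eye is error-prone. The following Python parser is an added example for triaging logs in this layout; it is not part of TDSSKiller or of the original post. It assumes the format visible above (an object line with name, MD5 and path, a verdict line "<name or device> - <verdict>", and a "Detected object count: N" summary), flags any verdict other than "ok", objects that never received a verdict, .sys drivers loaded from outside C:\Windows (the system root is an assumption), and identical hashes behind different file names. The sample lines are constructed: the Tcpip/TCPIP6 and MBR lines are copied from the post, the "hypothdrv" entry and its verdict are invented to exercise the flagging.

```python
"""Parse a TDSSKiller text log and flag anything that is not '- ok'.

Added example for triaging logs such as the one posted above; not part of
TDSSKiller or of the post. Assumes the log layout seen there.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Object line: timestamp, PID, name (may contain spaces, e.g. "MBR (0x1B8)"),
# 32-hex MD5 in parentheses, then a file or device path.
OBJECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "<subject> - <verdict>"; the subject is the service name for
# drivers and the device path for MBR / boot-sector entries.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<subject>.+?) - (?P<verdict>.+?)\s*$"
)
SUMMARY_RE = re.compile(r"Detected object count:\s*(\d+)")

# Assumption: %SystemRoot% is C:\Windows, as on the machine in the thread.
SYSTEM_DIRS = ("c:\\windows\\",)

# Constructed sample. The Tcpip, TCPIP6 and MBR lines are taken from the post;
# "hypothdrv", its path and its verdict are invented to exercise the checks.
SAMPLE_LOG = r"""
16:55:29.0773 3632  Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
16:55:29.0804 3632  Tcpip - ok
16:55:29.0851 3632  TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
16:55:29.0882 3632  TCPIP6 - ok
16:55:29.0900 3632  hypothdrv       (00112233445566778899aabbccddeeff) C:\Users\Public\hypothdrv.sys
16:55:29.0910 3632  hypothdrv - detected Rootkit.Win32.Example (hypothetical)
16:55:31.0645 3632  MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:55:31.0879 3632  \Device\Harddisk0\DR0 - ok
16:55:31.0941 3928  Detected object count: 1
"""


@dataclass
class ScanEntry:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # None if the log never gave a verdict


@dataclass
class ScanReport:
    entries: List[ScanEntry] = field(default_factory=list)
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    pending: Dict[str, ScanEntry] = {}  # name and path -> entry awaiting a verdict
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            entry = ScanEntry(m["name"], m["md5"], m["path"])
            report.entries.append(entry)
            pending[entry.name] = entry   # drivers are resolved by service name
            pending[entry.path] = entry   # MBR / boot sectors by device path
            continue
        m = VERDICT_RE.match(line)
        if m and m["subject"] in pending:
            entry = pending.pop(m["subject"])
            entry.verdict = m["verdict"]
            pending.pop(entry.name, None)
            pending.pop(entry.path, None)
            continue
        m = SUMMARY_RE.search(line)
        if m:
            report.detected_count = int(m.group(1))
    return report


def triage(report: ScanReport) -> Dict[str, list]:
    """Return what a helper would look at first in such a log."""
    findings = {"not_ok": [], "no_verdict": [], "outside_windows": [], "shared_image": []}
    by_md5: Dict[str, set] = {}
    for e in report.entries:
        if e.verdict is None:
            findings["no_verdict"].append(e.name)
        elif e.verdict.lower() != "ok":
            findings["not_ok"].append((e.name, e.verdict))
        lower = e.path.lower()  # NTFS paths are case-insensitive (drivers vs DRIVERS)
        if lower.endswith(".sys") and not lower.startswith(SYSTEM_DIRS):
            findings["outside_windows"].append((e.name, e.path))
        by_md5.setdefault(e.md5, set()).add(lower)
    # Same hash behind different file names is worth a look, not proof of anything.
    for md5, paths in by_md5.items():
        if len(paths) > 1:
            findings["shared_image"].append((md5, sorted(paths)))
    return findings


def summary_consistent(report: ScanReport) -> bool:
    """True when the tool's own count matches the non-ok verdicts we parsed."""
    non_ok = sum(1 for e in report.entries if e.verdict is not None and e.verdict.lower() != "ok")
    return report.detected_count is not None and non_ok == report.detected_count


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for key, items in triage(rep).items():
        print(f"{key}: {items}")
    print("summary consistent:", summary_consistent(rep))
```

Run against the full log from the post, every driver and boot record comes back "ok" and the summary count is 0, so `triage` returns four empty lists; the constructed sample shows what a hit looks like. The "shared_image" check deliberately folds path case so that pairs such as Tcpip/TCPIP6 or WANARP/Wanarpv6, which legitimately register two services on one driver file, are not reported.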
         

Old 10.03.2012, 16:09   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

EXP/CVE-2010-0840.FL - got rid of the virus? - Standard

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (trained helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Old 10.03.2012, 16:59   #24
ragey

EXP/CVE-2010-0840.FL - got rid of the virus? - Standard

Okay, done. If I saw it right, it deleted my XPAntispy, nothing else? And why? Infected, or because it interferes with the system?

Code:
ATTFilter
ComboFix 12-03-10.02 - Ragey 10.03.2012  16:50:00.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.3042 [GMT 1:00]
ausgeführt von:: c:\users\Ragey\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\users\Ragey\AppData\Local\Temp\stt44EB.tmp
E:\Autorun.inf
F:\Autorun.inf
M:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-10 bis 2012-03-10  ))))))))))))))))))))))))))))))
.
.
2012-03-09 06:28 . 2012-03-09 06:28	--------	d-----w-	C:\_OTL
2012-03-08 12:12 . 2012-03-08 12:12	--------	d-----w-	c:\program files (x86)\ESET
2012-03-06 18:09 . 2012-03-06 18:09	--------	d-----w-	c:\users\Ragey\AppData\Roaming\Malwarebytes
2012-03-06 18:09 . 2012-03-06 18:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-06 18:09 . 2012-03-06 18:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 18:09 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-05 20:35 . 2012-03-05 20:35	--------	d-----w-	c:\program files\CCleaner
2012-03-05 10:37 . 2012-03-05 10:37	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-05 10:37 . 2012-03-05 10:37	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-05 10:37 . 2012-03-05 10:37	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-05 10:37 . 2012-03-05 10:37	45016	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-03-05 10:37 . 2012-03-05 10:37	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-03-05 10:37 . 2012-03-05 10:37	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-03-04 20:34 . 2012-03-04 20:34	--------	d-----w-	c:\users\Ragey\AppData\Roaming\TeamViewer
2012-03-03 10:18 . 2012-03-03 10:18	--------	d-----w-	c:\users\Ragey\AppData\Roaming\BigHugeEngine
2012-02-23 09:21 . 2012-02-23 09:21	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-02-23 09:21 . 2012-02-23 09:21	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-02-18 14:59 . 2012-02-18 15:14	--------	d-----w-	C:\BDS
2012-02-18 14:59 . 2012-02-18 14:59	331908	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-02-18 14:59 . 2012-02-18 14:59	200836	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-02-18 14:59 . 2005-11-13 22:22	757760	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-02-18 14:59 . 2005-11-13 22:22	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-02-18 14:59 . 2005-11-13 22:21	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-02-18 14:59 . 2005-11-13 22:20	204800	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-02-18 14:59 . 2005-11-13 22:19	65024	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-02-18 14:59 . 2005-11-13 22:19	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-02-14 21:40 . 2012-01-14 04:02	3143168	----a-w-	c:\windows\system32\win32k.sys
2012-02-14 21:40 . 2011-12-28 03:59	499200	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-14 21:39 . 2011-12-16 08:42	634368	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-14 21:39 . 2011-12-16 07:59	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7 Taskbar Tweaker"="c:\program files\Taskbar Tweaker\7 Taskbar Tweaker x64.exe" [2011-02-18 181248]
"DeskSave"="c:\program files (x86)\Desksave\DeskSave.exe" [2008-07-26 82944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2011-02-27 36864]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-03-06 25600]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 cpuz130;cpuz130;c:\users\Ragey\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-27 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-02-27 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Ragey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = 
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ragey\AppData\Roaming\Mozilla\Firefox\Profiles\f66f7kgp.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-10  16:56:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-10 15:56
.
Vor Suchlauf: 12 Verzeichnis(se), 18.328.936.448 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 17.835.020.288 Bytes frei
.
- - End Of File - - BB1368CB119D30595000C9CC36B0BB48
         

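To make a ComboFix report like the one above easier to read (this is an added illustration, not code from the thread or from ComboFix's author), the following Python script splits the report on its "((( ... )))" section banners and summarises two of them: the deletions grouped by drive, which answers the question of whether only xp-AntiSpy was removed (the report also lists a temp file, Autorun.inf files at the roots of E: and F:, and install.exe at the root of M:), and the "Dateien erstellt" table restricted to entries under C:\Windows. The log excerpt it runs on is constructed from the posted report; the section titles and the tab-separated column layout are taken from it, and the parser assumes that layout holds for other reports.

```python
"""Summarise deletions and newly created files from a ComboFix report."""
import re
from collections import defaultdict

# Constructed excerpt in the layout of the ComboFix log posted above; the German
# section banners are ComboFix's own output. Not the complete report.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\program files (x86)\\xp-AntiSpy
c:\\program files (x86)\\xp-AntiSpy\\Uninstall.exe
c:\\users\\Ragey\\AppData\\Local\\Temp\\stt44EB.tmp
E:\\Autorun.inf
F:\\Autorun.inf
M:\\install.exe
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-10 bis 2012-03-10  ))))))))))))))))))))))))))))))
.
2012-03-09 06:28 . 2012-03-09 06:28\t--------\td-----w-\tC:\\_OTL
2012-03-06 18:09 . 2011-12-10 14:24\t23152\t----a-w-\tc:\\windows\\system32\\drivers\\mbam.sys
2012-02-14 21:40 . 2012-01-14 04:02\t3143168\t----a-w-\tc:\\windows\\system32\\win32k.sys
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# A section banner: a run of '(', the title, a run of ')'.
SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")
# One row of the 'Dateien erstellt' table: created . modified <TAB> size <TAB> attrs <TAB> path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(?P<size>-+|\d+)\t(?P<attrs>\S+)\t(?P<path>.+)$"
)


def split_sections(text):
    """Map each banner title to the non-empty, non-'.' lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line)
    return sections


def deletions_by_drive(text):
    """Group the paths under 'Weitere Löschungen' by (upper-cased) drive letter."""
    grouped = defaultdict(list)
    for path in split_sections(text).get("Weitere Löschungen", []):
        grouped[path[0].upper()].append(path)
    return dict(grouped)


def drive_root_autoruns(text):
    """Deleted Autorun.inf files sitting directly at a drive root. A root
    Autorun.inf is how autorun-based malware spread via removable media, so
    these entries deserve a look even though ComboFix removes them routinely."""
    return [p for paths in deletions_by_drive(text).values() for p in paths
            if re.fullmatch(r"[A-Za-z]:\\autorun\.inf", p, re.IGNORECASE)]


def created_files(text):
    """Parse every 'Dateien erstellt ...' row; directories carry size None."""
    rows = []
    for title, lines in split_sections(text).items():
        if not title.startswith("Dateien erstellt"):
            continue
        for line in lines:
            m = CREATED_RE.match(line)
            if m:
                rows.append({
                    "created": m["created"], "modified": m["modified"],
                    "size": None if m["size"].startswith("-") else int(m["size"]),
                    "is_dir": m["attrs"].startswith("d"), "path": m["path"],
                })
    return rows


def system_dir_changes(text):
    """Created entries under C:\\Windows: drivers and system DLLs are what a
    responder checks first against known patch dates."""
    return [r["path"] for r in created_files(text)
            if r["path"].lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    for drive, paths in sorted(deletions_by_drive(SAMPLE_LOG).items()):
        print(f"{drive}: {len(paths)} deleted")
    print("root Autorun.inf files:", drive_root_autoruns(SAMPLE_LOG))
    print("new files under C:\\Windows:", system_dir_changes(SAMPLE_LOG))
```

Run against the full report, the "Dateien erstellt" rows carry two timestamps: the first is when the file appeared on this machine, the second is the file's own modification time, which is why a system file such as win32k.sys shows a creation date matching a Windows Update run and an older modification date from the build.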
12.03.2012, 12:19   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I don't know why CF deleted AntiSpy. It's no loss, though, because AntiSpy is pretty much nonsense. You can inflict quite a few absurd settings on yourself with it.

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, allow internet access.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, let me know.

12.03.2012, 14:56   #26
ragey

Okay, here's the log:

Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 14:54:46
-----------------------------
14:54:46.058    OS Version: Windows x64 6.1.7600 
14:54:46.058    Number of processors: 4 586 0xF0B
14:54:46.058    ComputerName: BANANANA  UserName: Ragey
14:54:46.183    Initialize success
14:55:37.613    AVAST engine defs: 12031200
14:55:51.934    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
14:55:51.934    Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3
14:55:51.934    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
14:55:51.950    Disk 1 Vendor: OCZ-VERTEX2 1.27 Size: 57241MB BusType: 3
14:55:51.950    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
14:55:51.950    Disk 2 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3
14:55:51.950    Disk 1 MBR read successfully
14:55:51.950    Disk 1 MBR scan
14:55:51.965    Disk 1 Windows 7 default MBR code
14:55:51.965    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57139 MB offset 206848
14:55:51.965    Disk 1 scanning C:\Windows\system32\drivers
14:55:55.429    Service scanning
14:56:03.556    Modules scanning
14:56:03.556    Disk 1 trace - called modules:
14:56:03.556    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
14:56:03.572    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80044c3060]
14:56:03.572    3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> [0xfffffa8003ece520]
14:56:03.572    5 ACPI.sys[fffff88000f10781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ecf680]
14:56:03.806    AVAST engine scan C:\Windows
14:56:04.461    AVAST engine scan C:\Windows\system32
14:57:20.761    AVAST engine scan C:\Windows\system32\drivers
14:57:24.676    AVAST engine scan C:\Users\Ragey
14:57:36.657    AVAST engine scan C:\ProgramData
14:57:43.178    Scan finished successfully
14:58:21.539    Disk 1 MBR has been saved successfully to "C:\Users\Ragey\Desktop\MBR.dat"
14:58:21.539    The log file has been saved successfully to "C:\Users\Ragey\Desktop\aswMBR.txt"
         

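As an added example (not code from the thread, from aswMBR or from AVAST), here is a Python reader for the log format above: it pulls out the disk inventory, which disk is the boot disk, what aswMBR said about that disk's MBR code and partition table, and whether the scan ran to completion, then reduces that to a verdict on the boot disk's MBR. The excerpt it runs on is constructed from the posted log. Two things are my assumptions rather than documented aswMBR behaviour: that only a description ending in "default MBR code" counts as known-good, and that the "(A)" marker on a partition row is absent for non-active partitions.

```python
"""Summarise an aswMBR log: disks, boot disk, MBR verdict, scan completion."""
import re

# Constructed excerpt in the layout of the aswMBR log posted above (not the full log).
SAMPLE_LOG = """\
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 14:54:46
-----------------------------
14:54:46.058    OS Version: Windows x64 6.1.7600
14:55:51.934    Disk 0  \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP0T1L0-4
14:55:51.934    Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3
14:55:51.934    Disk 1 (boot) \\Device\\Harddisk1\\DR1 -> \\Device\\Ide\\IdeDeviceP1T0L0-1
14:55:51.950    Disk 1 Vendor: OCZ-VERTEX2 1.27 Size: 57241MB BusType: 3
14:55:51.950    Disk 1 MBR read successfully
14:55:51.950    Disk 1 MBR scan
14:55:51.965    Disk 1 Windows 7 default MBR code
14:55:51.965    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57139 MB offset 206848
14:56:03.556    Disk 1 trace - called modules:
14:56:03.556    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
14:57:43.178    Scan finished successfully
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$")
DISK_RE = re.compile(r"^Disk (?P<n>\d+)\s+(?P<boot>\(boot\)\s+)?(?P<dev>\\Device\\Harddisk\d+\\DR\d+)")
VENDOR_RE = re.compile(r"^Disk (?P<n>\d+) Vendor: (?P<vendor>\S+) (?P<fw>\S+) Size: (?P<size>\d+)MB")
MBR_RE = re.compile(r"^Disk (?P<n>\d+) (?P<code>.+ MBR code)$")
# Partition row. The '(A)' active marker is treated as optional (assumption:
# non-active partitions omit it).
PART_RE = re.compile(
    r"^Disk (?P<n>\d+) Partition (?P<idx>\d+) (?P<flag>[0-9A-F]{2}) (?:\(A\)\s+)?"
    r"(?P<type>[0-9A-F]{2})\s+\S+\s+(?P<fs>\S+)\s+(?P<size>\d+) MB offset (?P<off>\d+)$"
)


def messages(text):
    """Yield (timestamp, message) for each timestamped line; header lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["msg"].rstrip()


def _disk(disks, n):
    return disks.setdefault(n, {"device": None, "boot": False, "vendor": None,
                                "firmware": None, "size_mb": None,
                                "mbr_code": None, "partitions": []})


def parse_aswmbr(text):
    """Build a per-disk summary plus the boot-disk index and scan completion flag."""
    disks, state = {}, {"boot_disk": None, "scan_finished": False}

    def on_disk(m):
        d = _disk(disks, int(m["n"]))
        d["device"] = m["dev"]
        if m["boot"]:
            d["boot"] = True
            state["boot_disk"] = int(m["n"])

    def on_vendor(m):
        d = _disk(disks, int(m["n"]))
        d["vendor"], d["firmware"], d["size_mb"] = m["vendor"], m["fw"], int(m["size"])

    def on_mbr(m):
        _disk(disks, int(m["n"]))["mbr_code"] = m["code"]

    def on_part(m):
        _disk(disks, int(m["n"]))["partitions"].append({
            "index": int(m["idx"]), "active": m["flag"] == "80", "type": m["type"],
            "fs": m["fs"], "size_mb": int(m["size"]), "offset": int(m["off"])})

    handlers = [(DISK_RE, on_disk), (VENDOR_RE, on_vendor), (MBR_RE, on_mbr), (PART_RE, on_part)]
    for _ts, msg in messages(text):
        if msg == "Scan finished successfully":
            state["scan_finished"] = True
            continue
        for regex, handler in handlers:
            m = regex.match(msg)
            if m:
                handler(m)
                break
    return {"disks": disks, **state}


def boot_mbr_verdict(text):
    """'default' when the scan finished and aswMBR named a known default MBR code
    for the boot disk; 'nonstandard' when it named something else (worth a second
    look); 'unknown' when the scan did not finish or no MBR line was seen."""
    info = parse_aswmbr(text)
    if not info["scan_finished"] or info["boot_disk"] is None:
        return "unknown"
    code = info["disks"][info["boot_disk"]]["mbr_code"]
    if code is None:
        return "unknown"
    return "default" if code.endswith("default MBR code") else "nonstandard"


if __name__ == "__main__":
    info = parse_aswmbr(SAMPLE_LOG)
    for n, d in sorted(info["disks"].items()):
        print(f"Disk {n}{' (boot)' if d['boot'] else ''}: {d['vendor']} {d['size_mb']} MB, "
              f"MBR: {d['mbr_code']}, partitions: {len(d['partitions'])}")
    print("boot MBR verdict:", boot_mbr_verdict(SAMPLE_LOG))
```

The verdict deliberately falls back to "unknown" when the "Scan finished successfully" line is missing: an aborted scan says nothing about the MBR, and treating its absence as "clean" is the mistake to avoid when reading these logs in bulk.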
12.03.2012, 15:35   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Live system PartedMagic / GParted

1. Download the PartedMagic ISO image; it should be about 180 MB
2. Burn it to CD with the image-burning function, e.g. with ImgBurn under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
4. You should find a PartitionEditor icon on the desktop; double-click it
5. Once the tool has listed the partitions, please take a screenshot using the PRINT key on the keyboard and post that screenshot here (usually you have internet access in PartedMagic; if not, just save the screenshot to a USB stick and post it here from Windows)

12.03.2012, 17:34   #28
ragey

Hm, it doesn't finish booting with PartedMagic. The last entry is: PnPBios: Disabled by ACPI PNP

EDIT: Or rather, on the second attempt with ACPI: ACPI bus type pnp unregistered

Last edited by ragey (12.03.2012 at 17:54)

12.03.2012, 18:26   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Can you boot with Failsafe Settings?

12.03.2012, 18:33   #30
ragey

So via Failsafe -> A. Failsafe Settings? No, that doesn't work either. It hangs somewhere at PCI Bridge to bus [bus 02-02] :/

EDIT: It's not the CD, at least; I can boot from it without problems on the laptop.

I do seem to remember, though, that this computer had trouble booting from a live CD quite a while ago. Back then the system disk had died and I think I tried it with Knoppix.

Last edited by ragey (12.03.2012 at 19:10)
