Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Weitere Funde

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.03.2012, 19:14   #1
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Wie in meinem anderen Beitrag erwähnt sind hier noch mal die Logs meines Hauptrechners. Ich hab jetzt nur das Eset Log mit angehängt, weil mir das Malwarebyte Log abhanden gekommen ist.. Beim ersten Durchlauf wurde etwas gefunden, wollte den Log eigentlich auch speichern aber ich find keinen von heute mit einem Fund. Hab ich wohl noch mal überschrieben.. Und beim zweiten Durchlauf hatte Malwarebyts auch nichts mehr gefunden.
Aber Eset halt gleich 3 Dinge:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a5b95a01dfb26d498754ee05e4442719
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-07 06:02:59
# local_time=2012-03-07 07:02:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 77650 82768752 0 0
# compatibility_mode=8192 67108863 100 0 3686 3686 0 0
# scanned=210055
# found=3
# cleaned=0
# scan_time=4477
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJJJZKK3\bi_downloader[1].exe	Win32/Adware.Somoto.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VU52V0JX\84e576d9707dda489faaef687e3b95b8[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Local\Temp\HyperCam.exe	Win32/Adware.Somoto.A application (unable to clean)	00000000000000000000000000000000	I
         
Zumindestens eine Sache ist gleich wie bei meinem Laptop, aber was ist der Rest und wie soll ich weiter vorgehen?

Alt 08.03.2012, 10:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



Zitat:
weil mir das Malwarebyte Log abhanden gekommen ist..
MBAM speichert alle Logs automatisch, die sind im Reiter Logdateien zu sehen!
Und die Logs sind benutzerabhängig, evtl findest du das andere Log nicht weil du den Scan mit einem anderen Benutzer gemacht hast
__________________

__________________

Alt 08.03.2012, 14:55   #3
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Ja den Reiter kannte ich, hab dort auch geguckt und mich gewundert das das Log nicht vorhanden ist..^^ Aber das ist eine gute Idee mit den Benutzern. Gescannt hab ich natürlich als Admin, nachträglich nach dem Log geguckt glaub ich als normaler Benutzer.

Edit: Und hier ist das Log auch schon

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
****:: ****-PC [Administrator]

07.03.2012 16:23:45
mbam-log-2012-03-07 (16-23-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389255
Laufzeit: 1 Stunde(n), 2 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\****\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Ich werd für meinen Hauptrechner auch mal den OLT Scan starten. Sollte ich bei meinem Laptop ja auch und die haben ja fast das selbe ^^
__________________

Alt 08.03.2012, 14:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2012, 15:19   #5
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Achja tut mir leid ich denk immer nicht an die alten Logs, da die alle sauber sind. Und es sind teilweise auch nur einzelne Dateien die ich durchsucht hatte.
Soll ich die "leeren" bzw. sauberen Logs wirklich alles posten?

EDIT: Und welche OLT Logs soll ich posten? Hab einen Vollscan gemacht und mache jetzt noch ein Quick Scan wie ich es in dem anderen Beitrag bei meinem Laptop machen sollte


Geändert von Deathwing (08.03.2012 um 15:31 Uhr)

Alt 08.03.2012, 18:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Weitere Funde

Alt 08.03.2012, 18:30   #7
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Code:
ATTFilter
OTL logfile created on: 08.03.2012 16:41:30 - Run 2
OTL by OldTimer - Version 3.2.36.1     Folder = D:\Benutzer\****\Documents
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,13% Memory free
8,00 Gb Paging File | 6,16 Gb Available in Paging File | 76,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,55 Gb Total Space | 30,09 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Drive D: | 405,21 Gb Total Space | 204,89 Gb Free Space | 50,56% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.08 16:08:13 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Benutzer\****\Documents\OTL.exe
PRC - [2012.02.02 20:33:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- D:\Programme\Last.fm\LastFM.exe
PRC - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) -- D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.09.15 17:02:48 | 000,180,224 | ---- | M] (ROCCAT) -- D:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE
PRC - [2008.10.06 11:40:32 | 000,458,752 | ---- | M] (ROCCAT) -- D:\Programme\ROCCAT\Kone Mouse\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.21 16:07:11 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.02 20:33:03 | 002,124,760 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.10.27 21:23:04 | 000,106,496 | ---- | M] () -- D:\Programme\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 21:22:52 | 000,057,344 | ---- | M] () -- D:\Programme\Last.fm\ext_messengernotify.dll
MOD - [2010.10.27 21:22:42 | 000,058,880 | ---- | M] () -- D:\Programme\Last.fm\ext_skypenotify.dll
MOD - [2010.10.27 21:22:08 | 000,147,456 | ---- | M] () -- D:\Programme\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 21:22:00 | 000,028,160 | ---- | M] () -- D:\Programme\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 21:19:28 | 000,372,736 | ---- | M] () -- D:\Programme\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 21:19:06 | 000,025,088 | ---- | M] () -- D:\Programme\Last.fm\breakpad.dll
MOD - [2010.10.27 21:18:50 | 000,180,224 | ---- | M] () -- D:\Programme\Last.fm\Moose1.dll
MOD - [2010.10.27 21:18:34 | 000,540,672 | ---- | M] () -- D:\Programme\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 21:13:52 | 001,382,507 | ---- | M] () -- D:\Programme\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 21:13:52 | 000,074,240 | ---- | M] () -- D:\Programme\Last.fm\zlibwapi.dll
MOD - [2008.04.16 17:42:30 | 000,376,832 | ---- | M] () -- D:\Programme\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 17:42:16 | 000,524,288 | ---- | M] () -- D:\Programme\Last.fm\QtSql4.dll
MOD - [2008.04.16 17:42:02 | 006,701,056 | ---- | M] () -- D:\Programme\Last.fm\QtGui4.dll
MOD - [2008.04.16 17:36:38 | 000,376,832 | ---- | M] () -- D:\Programme\Last.fm\QtXml4.dll
MOD - [2008.04.16 17:36:34 | 001,654,784 | ---- | M] () -- D:\Programme\Last.fm\QtCore4.dll
MOD - [2008.04.02 14:26:50 | 000,233,472 | ---- | M] () -- D:\Programme\Last.fm\imageformats\qmng4.dll
MOD - [2008.04.02 14:26:34 | 000,021,504 | ---- | M] () -- D:\Programme\Last.fm\imageformats\qgif4.dll
MOD - [2008.04.02 14:26:28 | 000,135,168 | ---- | M] () -- D:\Programme\Last.fm\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.19 10:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyberlink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.03 18:37:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.10.12 15:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.05.06 09:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Running] -- D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.30 21:13:46 | 000,772,096 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX)
DRV:64bit: - [2011.11.06 18:20:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.11.03 17:46:57 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.07.07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009.10.14 21:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009.10.13 02:15:52 | 000,061,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.10.02 19:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.14 14:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.09.01 15:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.12.11 06:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.10.12 15:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 0E 13 63 48 9A CC 01  [binary data]
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 1C 2F BC BD DD CC 01  [binary data]
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.06 18:02:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.02.02 20:33:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2011.11.03 17:47:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.06 18:02:17 | 000,000,000 | ---D | M]
 
[2011.11.10 16:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.03.07 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lrs5qpa7.default\extensions
[2012.02.04 16:17:25 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lrs5qpa7.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012.03.07 17:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lrs5qpa7.default\extensions\staged
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LRS5QPA7.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LRS5QPA7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AVP] D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Kone] D:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4180720999-729288266-656653811-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4180720999-729288266-656653811-1001..\Run: [SandboxieControl] D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4180720999-729288266-656653811-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECEB3EF-24A3-49E6-9170-1D6BEEA188F6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\x64\sbhook64.dll) - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\x64\kloehk.dll) - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\sbhook.dll) - D:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchBFII.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\SysNative\Microsoft
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\SysNative\Microsoft
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.08 16:08:11 | 000,594,432 | ---- | C] (OldTimer Tools) -- D:\Benutzer\****\Documents\OTL.exe
[2012.03.07 17:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.07 16:22:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.07 16:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.07 16:18:52 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Benutzer\****\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.04 18:56:02 | 000,000,000 | ---D | C] -- D:\Benutzer\****\Documents\Warcraft Imba
[2012.03.04 18:42:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
[2012.03.04 12:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ROCCAT
[2012.03.04 12:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
[2012.02.08 20:15:08 | 000,000,000 | ---D | C] -- D:\Benutzer\****\Documents\bleeding_cowboys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.08 16:08:13 | 000,594,432 | ---- | M] (OldTimer Tools) -- D:\Benutzer\****\Documents\OTL.exe
[2012.03.08 15:51:19 | 000,027,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 15:51:19 | 000,027,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 15:42:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.08 15:42:40 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 21:06:50 | 000,064,152 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.03.07 21:06:50 | 000,064,152 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.03.07 21:06:50 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.03.07 17:43:41 | 000,004,484 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.03.07 16:18:55 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Benutzer\****\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.04 20:21:28 | 001,021,101 | ---- | M] () -- D:\Benutzer\****\Documents\Anlage 4 - Formblatt- Vereinbarung-Auswertung zum Betriebseinsatz (PDF).pdf
[2012.03.04 18:58:18 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.04 18:58:18 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.04 18:58:18 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.04 18:58:18 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.04 18:58:18 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.04 18:38:29 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
[2012.03.04 15:41:23 | 631,541,418 | ---- | M] () -- D:\Benutzer\****\Documents\clip0023.avi
[2012.03.04 15:18:33 | 490,496,330 | ---- | M] () -- D:\Benutzer\****\Documents\clip0022.avi
[2012.03.04 15:17:50 | 061,139,774 | ---- | M] () -- D:\Benutzer\****\Documents\clip0021.avi
[2012.03.04 15:16:33 | 588,345,542 | ---- | M] () -- D:\Benutzer\****\Documents\clip0020.avi
[2012.03.04 15:09:13 | 1400,950,668 | ---- | M] () -- D:\Benutzer\****\Documents\clip0019.avi
[2012.02.21 08:05:02 | 000,809,788 | ---- | M] () -- D:\Benutzer\****\Documents\Identity Card Hobe.pdf
[2012.02.16 18:26:12 | 000,341,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.04 15:39:56 | 631,541,418 | ---- | C] () -- D:\Benutzer\****\Documents\clip0023.avi
[2012.03.04 15:17:54 | 490,496,330 | ---- | C] () -- D:\Benutzer\****\Documents\clip0022.avi
[2012.03.04 15:17:45 | 061,139,774 | ---- | C] () -- D:\Benutzer\****\Documents\clip0021.avi
[2012.03.04 15:13:46 | 588,345,542 | ---- | C] () -- D:\Benutzer\****\Documents\clip0020.avi
[2012.03.04 15:07:01 | 1400,950,668 | ---- | C] () -- D:\Benutzer\****\Documents\clip0019.avi
[2012.02.21 21:16:27 | 001,021,101 | ---- | C] () -- D:\Benutzer\****\Documents\Anlage 4 - Formblatt- Vereinbarung-Auswertung zum Betriebseinsatz (PDF).pdf
[2012.02.20 18:31:04 | 000,809,788 | ---- | C] () -- D:\Benutzer\****\Documents\Identity Card Hobe.pdf
[2012.01.21 15:44:47 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\4D43E92476.sys
[2012.01.21 15:44:44 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.01.08 18:27:06 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.01.08 18:27:06 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011.12.08 16:37:45 | 000,076,990 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.11.06 19:41:11 | 000,004,484 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.11.06 17:56:04 | 000,217,439 | ---- | C] () -- C:\Windows\hpoins39.dat
[2011.11.03 18:38:31 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.11.03 18:38:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.11.03 18:38:09 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011.11.03 18:37:50 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.07.07 13:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 12:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 12:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 12:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 12:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 12:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 12:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
 
========== LOP Check ==========
 
[2011.11.06 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2012.01.22 17:20:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HeidiSQL
[2011.11.07 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Line 6
[2011.11.10 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.11.14 18:00:18 | 000,000,000 | ---D | M] -- C:\Users\****_2\AppData\Roaming\Amazon
[2012.01.22 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\****_2\AppData\Roaming\HeidiSQL
[2011.12.30 17:15:51 | 000,000,000 | ---D | M] -- C:\Users\****_2\AppData\Roaming\Line 6
[2012.03.04 12:21:12 | 000,000,000 | ---D | M] -- C:\Users\****_2\AppData\Roaming\ROCCAT
[2012.01.07 20:21:27 | 000,000,000 | ---D | M] -- C:\Users\****_2\AppData\Roaming\Teeworlds
[2011.12.09 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\****_2\AppData\Roaming\TS3Client
[2012.01.22 10:04:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.08 22:37:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.11.07 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Creative
[2011.11.08 16:34:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CyberLink
[2011.11.06 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2012.01.22 17:20:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HeidiSQL
[2011.11.06 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HP
[2011.11.03 17:42:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2012.02.05 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2011.11.12 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield Installation Information
[2011.11.07 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Line 6
[2011.11.03 18:58:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2011.11.04 18:06:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2011.11.11 18:54:04 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011.11.10 16:43:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2011.12.07 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NVIDIA
[2011.11.10 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
 
< %APPDATA%\*.exe /s >
[2011.11.12 09:39:09 | 000,331,776 | ---- | M] (Epic Games             ) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
[2010.11.20 13:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll

< End of report >
         

Alt 08.03.2012, 19:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 0E 13 63 48 9A CC 01  [binary data]
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 1C 2F BC BD DD CC 01  [binary data]
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4180720999-729288266-656653811-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[2012.02.04 16:17:25 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\lrs5qpa7.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchBFII.exe
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.03.2012, 19:51   #9
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Ich hab den OTL Fix fertig, aber kein Log bekommen. Also nach dem Neustart wurde mir keins Angezeigt. Bekomm ich die auch aus irgendeinem Ordner her ?

Geändert von Deathwing (08.03.2012 um 20:05 Uhr)

Alt 08.03.2012, 21:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



Mach den Fix im abgsicherten Modus nochmal
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.03.2012, 15:21   #11
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Also, ich habe Windows im abgesicherten Modus gestartet, danach OTL und dann .. wurde mir das Log angezeigt. Naja gut, hab dann noch ein neues gemacht (was mir aber auch erst angezeigt wurde als ich OTL neugestartet hatte).
Das Log jetzt hier ist dann aber doch das erste, ich denk mal das ist repräsentativer.

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-4180720999-729288266-656653811-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-4180720999-729288266-656653811-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4180720999-729288266-656653811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-4180720999-729288266-656653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-4180720999-729288266-656653811-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4180720999-729288266-656653811-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Folder C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\lrs5qpa7.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
File C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
File C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fd6d3a0-0638-11e1-9105-806e6f6e6963}\ not found.
File E:\LaunchBFII.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Martin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Martin_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 786432 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3034 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.1 log created on 03082012_203324

Files\Folders moved on Reboot...
File move failed. C:\Users\Martin_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 10.03.2012, 15:06   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2012, 15:58   #13
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Code:
ATTFilter
16:56:36.0827 3312	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
16:56:37.0081 3312	============================================================
16:56:37.0081 3312	Current date / time: 2012/03/10 16:56:37.0081
16:56:37.0081 3312	SystemInfo:
16:56:37.0082 3312	
16:56:37.0082 3312	OS Version: 6.1.7601 ServicePack: 1.0
16:56:37.0082 3312	Product type: Workstation
16:56:37.0082 3312	ComputerName: ****-PC
16:56:37.0082 3312	UserName: ****
16:56:37.0082 3312	Windows directory: C:\Windows
16:56:37.0082 3312	System windows directory: C:\Windows
16:56:37.0082 3312	Running under WOW64
16:56:37.0082 3312	Processor architecture: Intel x64
16:56:37.0082 3312	Number of processors: 2
16:56:37.0082 3312	Page size: 0x1000
16:56:37.0082 3312	Boot type: Normal boot
16:56:37.0082 3312	============================================================
16:56:38.0286 3312	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
16:56:38.0302 3312	\Device\Harddisk0\DR0:
16:56:38.0303 3312	MBR used
16:56:38.0303 3312	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7918000
16:56:38.0303 3312	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7918800, BlocksNum 0x32A6D000
16:56:38.0371 3312	Initialize success
16:56:38.0371 3312	============================================================
16:57:14.0635 0368	============================================================
16:57:14.0635 0368	Scan started
16:57:14.0635 0368	Mode: Manual; SigCheck; TDLFS; 
16:57:14.0635 0368	============================================================
16:57:16.0293 0368	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:57:16.0452 0368	1394ohci - ok
16:57:16.0483 0368	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:57:16.0507 0368	ACPI - ok
16:57:16.0531 0368	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:57:16.0632 0368	AcpiPmi - ok
16:57:16.0708 0368	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:57:16.0730 0368	adp94xx - ok
16:57:16.0740 0368	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:57:16.0756 0368	adpahci - ok
16:57:16.0775 0368	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:57:16.0789 0368	adpu320 - ok
16:57:16.0852 0368	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:57:16.0945 0368	AFD - ok
16:57:16.0976 0368	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:57:16.0993 0368	agp440 - ok
16:57:17.0011 0368	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:57:17.0023 0368	aliide - ok
16:57:17.0034 0368	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:57:17.0045 0368	amdide - ok
16:57:17.0067 0368	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:57:17.0125 0368	AmdK8 - ok
16:57:17.0145 0368	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:57:17.0174 0368	AmdPPM - ok
16:57:17.0215 0368	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:57:17.0228 0368	amdsata - ok
16:57:17.0262 0368	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:57:17.0276 0368	amdsbs - ok
16:57:17.0294 0368	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:57:17.0306 0368	amdxata - ok
16:57:17.0362 0368	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:57:17.0502 0368	AppID - ok
16:57:17.0534 0368	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:57:17.0546 0368	arc - ok
16:57:17.0566 0368	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:57:17.0578 0368	arcsas - ok
16:57:17.0609 0368	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:57:17.0752 0368	AsyncMac - ok
16:57:17.0784 0368	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:57:17.0795 0368	atapi - ok
16:57:17.0820 0368	AtcL001         (940e5b876251e04fffe058ad71fe0f1c) C:\Windows\system32\DRIVERS\l160x64.sys
16:57:17.0896 0368	AtcL001 - ok
16:57:17.0962 0368	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:57:18.0043 0368	b06bdrv - ok
16:57:18.0090 0368	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:57:18.0131 0368	b57nd60a - ok
16:57:18.0157 0368	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:57:18.0234 0368	Beep - ok
16:57:18.0270 0368	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:57:18.0296 0368	blbdrive - ok
16:57:18.0322 0368	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:57:18.0359 0368	bowser - ok
16:57:18.0395 0368	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:57:18.0468 0368	BrFiltLo - ok
16:57:18.0482 0368	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:57:18.0520 0368	BrFiltUp - ok
16:57:18.0543 0368	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:57:18.0608 0368	Brserid - ok
16:57:18.0626 0368	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:57:18.0642 0368	BrSerWdm - ok
16:57:18.0666 0368	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:57:18.0705 0368	BrUsbMdm - ok
16:57:18.0723 0368	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:57:18.0773 0368	BrUsbSer - ok
16:57:18.0802 0368	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:57:18.0861 0368	BTHMODEM - ok
16:57:18.0900 0368	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:57:18.0955 0368	cdfs - ok
16:57:18.0999 0368	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:57:19.0066 0368	cdrom - ok
16:57:19.0139 0368	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:57:19.0219 0368	circlass - ok
16:57:19.0252 0368	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:57:19.0277 0368	CLFS - ok
16:57:19.0309 0368	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:57:19.0332 0368	CmBatt - ok
16:57:19.0365 0368	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:57:19.0376 0368	cmdide - ok
16:57:19.0415 0368	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:57:19.0475 0368	CNG - ok
16:57:19.0495 0368	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:57:19.0506 0368	Compbatt - ok
16:57:19.0531 0368	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:57:19.0562 0368	CompositeBus - ok
16:57:19.0604 0368	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:57:19.0617 0368	crcdisk - ok
16:57:19.0687 0368	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:57:19.0732 0368	CSC - ok
16:57:19.0775 0368	CT20XUT         (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
16:57:19.0880 0368	CT20XUT - ok
16:57:19.0894 0368	CT20XUT.SYS     (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
16:57:19.0910 0368	CT20XUT.SYS - ok
16:57:19.0969 0368	ctac32k         (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
16:57:19.0987 0368	ctac32k - ok
16:57:20.0023 0368	ctaud2k         (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
16:57:20.0043 0368	ctaud2k - ok
16:57:20.0106 0368	CTEXFIFX        (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
16:57:20.0147 0368	CTEXFIFX - ok
16:57:20.0186 0368	CTEXFIFX.SYS    (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
16:57:20.0211 0368	CTEXFIFX.SYS - ok
16:57:20.0228 0368	CTHWIUT         (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
16:57:20.0238 0368	CTHWIUT - ok
16:57:20.0246 0368	CTHWIUT.SYS     (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
16:57:20.0255 0368	CTHWIUT.SYS - ok
16:57:20.0269 0368	ctprxy2k        (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
16:57:20.0278 0368	ctprxy2k - ok
16:57:20.0297 0368	ctsfm2k         (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
16:57:20.0309 0368	ctsfm2k - ok
16:57:20.0367 0368	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:57:20.0438 0368	DfsC - ok
16:57:20.0468 0368	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:57:20.0515 0368	discache - ok
16:57:20.0540 0368	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:57:20.0553 0368	Disk - ok
16:57:20.0596 0368	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:57:20.0613 0368	Dot4 - ok
16:57:20.0641 0368	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:57:20.0676 0368	Dot4Print - ok
16:57:20.0706 0368	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:57:20.0734 0368	dot4usb - ok
16:57:20.0765 0368	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:57:20.0794 0368	drmkaud - ok
16:57:20.0840 0368	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:57:20.0875 0368	DXGKrnl - ok
16:57:20.0948 0368	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:57:21.0013 0368	ebdrv - ok
16:57:21.0045 0368	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:57:21.0067 0368	elxstor - ok
16:57:21.0084 0368	emupia          (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
16:57:21.0096 0368	emupia - ok
16:57:21.0116 0368	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:57:21.0141 0368	ErrDev - ok
16:57:21.0179 0368	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:57:21.0223 0368	exfat - ok
16:57:21.0245 0368	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:57:21.0288 0368	fastfat - ok
16:57:21.0317 0368	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:57:21.0331 0368	fdc - ok
16:57:21.0358 0368	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:57:21.0371 0368	FileInfo - ok
16:57:21.0389 0368	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:57:21.0427 0368	Filetrace - ok
16:57:21.0446 0368	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:57:21.0479 0368	flpydisk - ok
16:57:21.0520 0368	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:57:21.0536 0368	FltMgr - ok
16:57:21.0560 0368	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:57:21.0572 0368	FsDepends - ok
16:57:21.0586 0368	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:57:21.0598 0368	Fs_Rec - ok
16:57:21.0661 0368	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:57:21.0677 0368	fvevol - ok
16:57:21.0692 0368	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:57:21.0705 0368	gagp30kx - ok
16:57:21.0745 0368	ha20x22k        (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
16:57:21.0781 0368	ha20x22k - ok
16:57:21.0832 0368	ha20x2k         (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
16:57:21.0873 0368	ha20x2k - ok
16:57:21.0890 0368	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:57:21.0936 0368	hcw85cir - ok
16:57:21.0989 0368	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:57:22.0034 0368	HdAudAddService - ok
16:57:22.0072 0368	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:57:22.0111 0368	HDAudBus - ok
16:57:22.0128 0368	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:57:22.0150 0368	HidBatt - ok
16:57:22.0175 0368	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:57:22.0199 0368	HidBth - ok
16:57:22.0216 0368	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:57:22.0244 0368	HidIr - ok
16:57:22.0273 0368	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:57:22.0293 0368	HidUsb - ok
16:57:22.0350 0368	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:57:22.0363 0368	HpSAMD - ok
16:57:22.0414 0368	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:57:22.0490 0368	HTTP - ok
16:57:22.0528 0368	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:57:22.0546 0368	hwpolicy - ok
16:57:22.0559 0368	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:57:22.0573 0368	i8042prt - ok
16:57:22.0623 0368	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:57:22.0641 0368	iaStorV - ok
16:57:22.0661 0368	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:57:22.0673 0368	iirsp - ok
16:57:22.0691 0368	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:57:22.0703 0368	intelide - ok
16:57:22.0728 0368	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:57:22.0751 0368	intelppm - ok
16:57:22.0773 0368	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:57:22.0837 0368	IpFilterDriver - ok
16:57:22.0858 0368	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:57:22.0879 0368	IPMIDRV - ok
16:57:22.0899 0368	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:57:22.0938 0368	IPNAT - ok
16:57:22.0962 0368	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:57:23.0035 0368	IRENUM - ok
16:57:23.0050 0368	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:57:23.0062 0368	isapnp - ok
16:57:23.0090 0368	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:57:23.0106 0368	iScsiPrt - ok
16:57:23.0138 0368	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:57:23.0150 0368	kbdclass - ok
16:57:23.0175 0368	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:57:23.0204 0368	kbdhid - ok
16:57:23.0273 0368	kl1             (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
16:57:23.0289 0368	kl1 - ok
16:57:23.0302 0368	KLBG            (87200a8afe40532baa4d2b24a7ba0eea) C:\Windows\system32\DRIVERS\klbg.sys
16:57:23.0316 0368	KLBG - ok
16:57:23.0386 0368	KLIF            (09bad645d3843669c281431c7df2db2e) C:\Windows\system32\DRIVERS\klif.sys
16:57:23.0406 0368	KLIF - ok
16:57:23.0438 0368	KLIM6           (630f22545379437737cf4172f09fe449) C:\Windows\system32\DRIVERS\klim6.sys
16:57:23.0452 0368	KLIM6 - ok
16:57:23.0466 0368	klmouflt        (786791291939abb11f6d0f040da23912) C:\Windows\system32\DRIVERS\klmouflt.sys
16:57:23.0479 0368	klmouflt - ok
16:57:23.0511 0368	KoneFltr        (b6d6f12c214de823fa22709f7bd0eb0b) C:\Windows\system32\drivers\Kone.sys
16:57:23.0529 0368	KoneFltr - ok
16:57:23.0557 0368	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:57:23.0575 0368	KSecDD - ok
16:57:23.0595 0368	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:57:23.0615 0368	KSecPkg - ok
16:57:23.0635 0368	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:57:23.0675 0368	ksthunk - ok
16:57:23.0730 0368	L6GX            (1107dd2b04a2c73ccbb614c12c70b775) C:\Windows\system32\Drivers\L6GX64.sys
16:57:23.0781 0368	L6GX - ok
16:57:23.0831 0368	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:57:23.0883 0368	lltdio - ok
16:57:23.0918 0368	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:57:23.0931 0368	LSI_FC - ok
16:57:23.0940 0368	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:57:23.0953 0368	LSI_SAS - ok
16:57:23.0969 0368	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:57:23.0981 0368	LSI_SAS2 - ok
16:57:23.0999 0368	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:57:24.0013 0368	LSI_SCSI - ok
16:57:24.0043 0368	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:57:24.0089 0368	luafv - ok
16:57:24.0105 0368	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:57:24.0117 0368	megasas - ok
16:57:24.0138 0368	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:57:24.0154 0368	MegaSR - ok
16:57:24.0175 0368	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:57:24.0213 0368	Modem - ok
16:57:24.0249 0368	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:57:24.0281 0368	monitor - ok
16:57:24.0305 0368	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:57:24.0317 0368	mouclass - ok
16:57:24.0347 0368	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:57:24.0396 0368	mouhid - ok
16:57:24.0423 0368	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:57:24.0435 0368	mountmgr - ok
16:57:24.0472 0368	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:57:24.0491 0368	mpio - ok
16:57:24.0522 0368	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:57:24.0575 0368	mpsdrv - ok
16:57:24.0606 0368	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:57:24.0683 0368	MRxDAV - ok
16:57:24.0713 0368	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:57:24.0756 0368	mrxsmb - ok
16:57:24.0770 0368	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:57:24.0788 0368	mrxsmb10 - ok
16:57:24.0817 0368	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:57:24.0842 0368	mrxsmb20 - ok
16:57:24.0868 0368	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:57:24.0881 0368	msahci - ok
16:57:24.0909 0368	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:57:24.0922 0368	msdsm - ok
16:57:24.0944 0368	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:57:24.0986 0368	Msfs - ok
16:57:25.0000 0368	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:57:25.0039 0368	mshidkmdf - ok
16:57:25.0064 0368	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:57:25.0076 0368	msisadrv - ok
16:57:25.0108 0368	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:57:25.0139 0368	MSKSSRV - ok
16:57:25.0173 0368	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:57:25.0212 0368	MSPCLOCK - ok
16:57:25.0231 0368	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:57:25.0280 0368	MSPQM - ok
16:57:25.0306 0368	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:57:25.0323 0368	MsRPC - ok
16:57:25.0333 0368	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:57:25.0346 0368	mssmbios - ok
16:57:25.0354 0368	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:57:25.0397 0368	MSTEE - ok
16:57:25.0412 0368	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:57:25.0437 0368	MTConfig - ok
16:57:25.0493 0368	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
16:57:25.0513 0368	MTsensor - ok
16:57:25.0534 0368	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:57:25.0547 0368	Mup - ok
16:57:25.0599 0368	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:57:25.0634 0368	NativeWifiP - ok
16:57:25.0699 0368	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:57:25.0727 0368	NDIS - ok
16:57:25.0756 0368	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:57:25.0787 0368	NdisCap - ok
16:57:25.0816 0368	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:57:25.0859 0368	NdisTapi - ok
16:57:25.0900 0368	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:57:25.0950 0368	Ndisuio - ok
16:57:25.0980 0368	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:57:26.0038 0368	NdisWan - ok
16:57:26.0060 0368	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:57:26.0122 0368	NDProxy - ok
16:57:26.0175 0368	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:57:26.0223 0368	NetBIOS - ok
16:57:26.0255 0368	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:57:26.0315 0368	NetBT - ok
16:57:26.0352 0368	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:57:26.0364 0368	nfrd960 - ok
16:57:26.0394 0368	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:57:26.0425 0368	Npfs - ok
16:57:26.0436 0368	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:57:26.0482 0368	nsiproxy - ok
16:57:26.0552 0368	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:57:26.0602 0368	Ntfs - ok
16:57:26.0625 0368	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:57:26.0677 0368	Null - ok
16:57:26.0921 0368	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:57:27.0144 0368	nvlddmkm - ok
16:57:27.0173 0368	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:57:27.0187 0368	nvraid - ok
16:57:27.0219 0368	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:57:27.0233 0368	nvstor - ok
16:57:27.0274 0368	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:57:27.0288 0368	nv_agp - ok
16:57:27.0316 0368	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:57:27.0337 0368	ohci1394 - ok
16:57:27.0386 0368	ossrv           (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
16:57:27.0398 0368	ossrv - ok
16:57:27.0423 0368	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:57:27.0472 0368	Parport - ok
16:57:27.0504 0368	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:57:27.0517 0368	partmgr - ok
16:57:27.0537 0368	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:57:27.0552 0368	pci - ok
16:57:27.0571 0368	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:57:27.0582 0368	pciide - ok
16:57:27.0599 0368	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:57:27.0615 0368	pcmcia - ok
16:57:27.0633 0368	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:57:27.0645 0368	pcw - ok
16:57:27.0673 0368	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:57:27.0713 0368	PEAUTH - ok
16:57:27.0785 0368	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:57:27.0849 0368	PptpMiniport - ok
16:57:27.0863 0368	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:57:27.0889 0368	Processor - ok
16:57:27.0940 0368	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:57:27.0999 0368	Psched - ok
16:57:28.0042 0368	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:57:28.0076 0368	ql2300 - ok
16:57:28.0100 0368	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:57:28.0114 0368	ql40xx - ok
16:57:28.0134 0368	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:57:28.0163 0368	QWAVEdrv - ok
16:57:28.0183 0368	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:57:28.0222 0368	RasAcd - ok
16:57:28.0262 0368	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:57:28.0302 0368	RasAgileVpn - ok
16:57:28.0326 0368	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:57:28.0383 0368	Rasl2tp - ok
16:57:28.0400 0368	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:57:28.0444 0368	RasPppoe - ok
16:57:28.0468 0368	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:57:28.0512 0368	RasSstp - ok
16:57:28.0543 0368	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:57:28.0606 0368	rdbss - ok
16:57:28.0626 0368	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:57:28.0661 0368	rdpbus - ok
16:57:28.0675 0368	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:57:28.0722 0368	RDPCDD - ok
16:57:28.0750 0368	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:57:28.0817 0368	RDPDR - ok
16:57:28.0839 0368	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:57:28.0871 0368	RDPENCDD - ok
16:57:28.0887 0368	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:57:28.0926 0368	RDPREFMP - ok
16:57:28.0948 0368	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:57:29.0008 0368	RDPWD - ok
16:57:29.0038 0368	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:57:29.0053 0368	rdyboost - ok
16:57:29.0138 0368	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:57:29.0193 0368	rspndr - ok
16:57:29.0220 0368	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:57:29.0290 0368	s3cap - ok
16:57:29.0442 0368	SbieDrv         (c7e399dbc7b70fda979013389b1a8dab) D:\Programme\Sandboxie\SbieDrv.sys
16:57:29.0489 0368	SbieDrv - ok
16:57:29.0533 0368	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:57:29.0553 0368	sbp2port - ok
16:57:29.0594 0368	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:57:29.0660 0368	scfilter - ok
16:57:29.0685 0368	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:57:29.0728 0368	secdrv - ok
16:57:29.0762 0368	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:57:29.0786 0368	Serenum - ok
16:57:29.0805 0368	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:57:29.0826 0368	Serial - ok
16:57:29.0855 0368	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:57:29.0869 0368	sermouse - ok
16:57:29.0898 0368	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:57:29.0947 0368	sffdisk - ok
16:57:29.0967 0368	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:57:29.0994 0368	sffp_mmc - ok
16:57:30.0012 0368	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:57:30.0040 0368	sffp_sd - ok
16:57:30.0055 0368	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:57:30.0080 0368	sfloppy - ok
16:57:30.0104 0368	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:57:30.0116 0368	SiSRaid2 - ok
16:57:30.0146 0368	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:57:30.0159 0368	SiSRaid4 - ok
16:57:30.0174 0368	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:57:30.0207 0368	Smb - ok
16:57:30.0225 0368	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:57:30.0237 0368	spldr - ok
16:57:30.0317 0368	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:57:30.0317 0368	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:57:30.0318 0368	sptd ( LockedFile.Multi.Generic ) - warning
16:57:30.0318 0368	sptd - detected LockedFile.Multi.Generic (1)
16:57:30.0353 0368	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:57:30.0424 0368	srv - ok
16:57:30.0446 0368	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:57:30.0477 0368	srv2 - ok
16:57:30.0504 0368	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:57:30.0529 0368	srvnet - ok
16:57:30.0556 0368	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:57:30.0568 0368	stexstor - ok
16:57:30.0609 0368	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:57:30.0632 0368	StillCam - ok
16:57:30.0667 0368	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:57:30.0679 0368	storflt - ok
16:57:30.0712 0368	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:57:30.0724 0368	storvsc - ok
16:57:30.0746 0368	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:57:30.0757 0368	swenum - ok
16:57:30.0799 0368	tandpl - ok
16:57:30.0865 0368	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:57:30.0921 0368	Tcpip - ok
16:57:30.0954 0368	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:57:30.0986 0368	TCPIP6 - ok
16:57:31.0019 0368	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:57:31.0076 0368	tcpipreg - ok
16:57:31.0090 0368	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:57:31.0125 0368	TDPIPE - ok
16:57:31.0132 0368	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:57:31.0163 0368	TDTCP - ok
16:57:31.0208 0368	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:57:31.0256 0368	tdx - ok
16:57:31.0272 0368	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:57:31.0285 0368	TermDD - ok
16:57:31.0326 0368	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:57:31.0372 0368	tssecsrv - ok
16:57:31.0424 0368	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:57:31.0485 0368	TsUsbFlt - ok
16:57:31.0526 0368	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:57:31.0573 0368	tunnel - ok
16:57:31.0594 0368	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:57:31.0606 0368	uagp35 - ok
16:57:31.0626 0368	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:57:31.0676 0368	udfs - ok
16:57:31.0712 0368	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:57:31.0724 0368	uliagpkx - ok
16:57:31.0769 0368	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:57:31.0803 0368	umbus - ok
16:57:31.0822 0368	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:57:31.0846 0368	UmPass - ok
16:57:31.0897 0368	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:57:31.0935 0368	usbaudio - ok
16:57:31.0957 0368	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:57:31.0982 0368	usbccgp - ok
16:57:32.0027 0368	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:57:32.0054 0368	usbcir - ok
16:57:32.0072 0368	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:57:32.0095 0368	usbehci - ok
16:57:32.0106 0368	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:57:32.0132 0368	usbhub - ok
16:57:32.0150 0368	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:57:32.0175 0368	usbohci - ok
16:57:32.0209 0368	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:57:32.0235 0368	usbprint - ok
16:57:32.0262 0368	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:57:32.0277 0368	usbscan - ok
16:57:32.0298 0368	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:32.0341 0368	USBSTOR - ok
16:57:32.0352 0368	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:57:32.0366 0368	usbuhci - ok
16:57:32.0382 0368	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:57:32.0395 0368	vdrvroot - ok
16:57:32.0416 0368	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:32.0446 0368	vga - ok
16:57:32.0464 0368	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:57:32.0503 0368	VgaSave - ok
16:57:32.0535 0368	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:57:32.0551 0368	vhdmp - ok
16:57:32.0568 0368	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:57:32.0579 0368	viaide - ok
16:57:32.0603 0368	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:57:32.0618 0368	vmbus - ok
16:57:32.0637 0368	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:57:32.0660 0368	VMBusHID - ok
16:57:32.0679 0368	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:57:32.0691 0368	volmgr - ok
16:57:32.0725 0368	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:57:32.0742 0368	volmgrx - ok
16:57:32.0779 0368	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:57:32.0795 0368	volsnap - ok
16:57:32.0813 0368	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:57:32.0827 0368	vsmraid - ok
16:57:32.0843 0368	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:57:32.0866 0368	vwifibus - ok
16:57:32.0884 0368	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:57:32.0907 0368	WacomPen - ok
16:57:32.0933 0368	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:32.0989 0368	WANARP - ok
16:57:33.0000 0368	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:33.0046 0368	Wanarpv6 - ok
16:57:33.0069 0368	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:57:33.0080 0368	Wd - ok
16:57:33.0104 0368	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:57:33.0126 0368	Wdf01000 - ok
16:57:33.0160 0368	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:57:33.0211 0368	WfpLwf - ok
16:57:33.0231 0368	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:57:33.0243 0368	WIMMount - ok
16:57:33.0278 0368	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:57:33.0292 0368	WmiAcpi - ok
16:57:33.0309 0368	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:57:33.0348 0368	ws2ifsl - ok
16:57:33.0382 0368	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:57:33.0440 0368	WudfPf - ok
16:57:33.0491 0368	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:33.0570 0368	WUDFRd - ok
16:57:33.0597 0368	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:57:34.0354 0368	\Device\Harddisk0\DR0 - ok
16:57:34.0358 0368	Boot (0x1200)   (ae04f02c364898d100b9b141d2337003) \Device\Harddisk0\DR0\Partition0
16:57:34.0359 0368	\Device\Harddisk0\DR0\Partition0 - ok
16:57:34.0380 0368	Boot (0x1200)   (9496520018589f4d2b0d0097d2bd2acd) \Device\Harddisk0\DR0\Partition1
16:57:34.0381 0368	\Device\Harddisk0\DR0\Partition1 - ok
16:57:34.0382 0368	============================================================
16:57:34.0382 0368	Scan finished
16:57:34.0382 0368	============================================================
16:57:34.0393 3224	Detected object count: 1
16:57:34.0393 3224	Actual detected object count: 1
16:58:09.0827 3224	sptd ( LockedFile.Multi.Generic ) - skipped by user
16:58:09.0827 3224	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 12.03.2012, 11:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Weitere Funde - Standard

Weitere Funde



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.03.2012, 17:31   #15
Deathwing
 
Weitere Funde - Standard

Weitere Funde



Ich habe Combofix ausgeführt, aber nach dem Neustart vom PC macht Combofix Probleme. Es öffnet und schließt sich immer von selbst und springt dabei ein paar zentimeter diagonal über den Bildschirm. Beenden kann ich es nur durch strg+c , selbst im Task manager taucht es immer nur wieder für den bruchteil einer sekunde auf.
Ich hab es dann noch ein zweites mal gestartet und auch dann wieder das Problem nach dem neustart gehabt..

Edit: Mir kam gerade noch die idee das ich ja auch ComboFix im abgesicherten Modus starten könnte, vlt läuft es ja dann

Geändert von Deathwing (12.03.2012 um 18:27 Uhr)

Antwort

Themen zu Weitere Funde
anderen, appdata, beitrag, code, dinge, downloader, escan, eset, files, found, fund, heute, internet, laptop, microsoft, nichts, onlinescan, sache, service, speicher, speichern, temporary, version, virus, windows



Ähnliche Themen: Weitere Funde


  1. Windows 7 EsetScan meldet "Win32/Toolbar.Montiera" und weitere Funde
    Log-Analyse und Auswertung - 23.05.2014 (14)
  2. Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde
    Log-Analyse und Auswertung - 16.03.2014 (13)
  3. Funde durch AdwCleaner...weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (3)
  4. TR/Fakeadb.A und weitere Funde bei Antivir (Premium)
    Log-Analyse und Auswertung - 15.09.2013 (14)
  5. Win7 - Startseite Firefox auf QV06 umgeleitet - Scan u. Desinfektion mit MbAM, nun weitere Funde nach online-Scan mit ESET
    Log-Analyse und Auswertung - 24.08.2013 (9)
  6. PUP.FakeFlash.Domaiq- und weitere Malware-Funde
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (7)
  7. yontoo, y2desktop, xoywm.exe und weitere Funde WIRKLICH eliminiert?
    Log-Analyse und Auswertung - 30.05.2013 (10)
  8. GUV Virus weiterhin auf dem Rechner? Malewarebytes = keine Funde/ Antivir = 2 Funde
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (3)
  9. Antivir meldet BDS/ZAccess.AX.1 sowie nach einem Scan 4 weitere Funde
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (10)
  10. TR/Agen.Y.20 in OTL.exe und weitere Funde
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (2)
  11. Gema-Trojaner und weitere Funde
    Log-Analyse und Auswertung - 21.11.2011 (29)
  12. 'EXP/Pidief.41322.A' [exploit] ausgeführt + weitere Funde
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (21)
  13. TR/Rootkit.Gen3 zund weitere Funde
    Log-Analyse und Auswertung - 15.10.2010 (15)
  14. avira funde =( HTML/Infected.WebPage.Gen2 und weitere =(
    Plagegeister aller Art und deren Bekämpfung - 23.08.2010 (19)
  15. Trojan.Agent/Gen-Reader_S und weitere Funde
    Log-Analyse und Auswertung - 15.04.2010 (9)
  16. JAVA/ClassLoad.AD.2 und weitere Funde
    Log-Analyse und Auswertung - 15.04.2010 (11)
  17. Nach Win32/Cryptor Entfernung bei Malwarebytes Scan mehrere weitere Funde
    Log-Analyse und Auswertung - 18.12.2009 (1)

Zum Thema Weitere Funde - Wie in meinem anderen Beitrag erwähnt sind hier noch mal die Logs meines Hauptrechners. Ich hab jetzt nur das Eset Log mit angehängt, weil mir das Malwarebyte Log abhanden gekommen - Weitere Funde...
Archiv
Du betrachtest: Weitere Funde auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.