Trojaner-Board


DieTrojanPlz 04.10.2011 15:54

Folders on external hard drive are only shown as shortcuts that won't open
 
Hello!
Unfortunately, for some time now I have no longer been able to access the folders on my external hard drive. They are now shown only as shortcuts, and opening them produces the error "F:\RECYCLER\0xD80A89C7.exe konnte nicht gefunden werden". The results of the various scans are listed below as .txt files:

OTL:
Attachment 22773

Extras:
Attachment 22776

mbam-log:
Attachment 22774

ESET Scan:
Attachment 22775

Many thanks in advance for your help!!!

Regards!

cosinus 04.10.2011 17:01

The ESET log is incomplete.
And please run a full scan with Malwarebytes; always check for updates beforehand.

DieTrojanPlz 05.10.2011 00:02

Thanks for the quick reply!

Here are the complete ESET log and the result of the full scan:

Attachment 22794

Attachment 22793

Regards!

cosinus 05.10.2011 01:59

You didn't run a CustomScan with OTL; please do that as well.

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


DieTrojanPlz 05.10.2011 10:16

Here is the output of the OTL CustomScan:

OTL Logfile:
Code:

OTL logfile created on: 05.10.2011 10:44:43 - Run 2
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Medion\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 71,88% Memory free
6,85 Gb Paging File | 5,73 Gb Available in Paging File | 83,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 398,13 Gb Free Space | 93,75% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 20,29 Gb Free Space | 50,73% Space Free | Partition Type: NTFS
Drive F: | 111,76 Gb Total Space | 26,18 Gb Free Space | 23,43% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.04 15:32:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Downloads\OTL.exe
PRC - [2011.10.01 15:55:59 | 000,308,560 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.03.02 15:18:50 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010.01.13 11:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2009.12.14 12:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 16:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.01 15:55:59 | 000,380,928 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\libxml2.dll
MOD - [2011.10.01 15:55:59 | 000,061,952 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2011.08.31 19:13:52 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.06.18 10:34:14 | 000,099,664 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.01 15:55:59 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2011.10.01 15:55:57 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.31 09:38:50 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.03.23 13:43:50 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.10 16:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010.01.08 04:50:08 | 000,232,448 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009.12.22 19:18:58 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.09.18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009.08.13 17:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.07.31 03:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 15:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Suche"
FF - user.js..browser.search.order.1: "Suche"
FF - user.js..browser.search.defaultenginename: "Suche"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Medion\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Medion\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.04 13:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.04 13:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2011.10.04 13:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 15:26:52 | 000,000,139 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Suche.src
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Medion\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Medion\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Medion\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Medion\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Medion\AppData\Roaming\xplugin\toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142F2D10-AFAC-4319-8B97-F2F9242E1639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F29B529-65D9-42E5-91A3-E253BDE00FE2}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.18 23:41:20 | 000,000,089 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: BgMainSvc - C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BgLiveSvc - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SafeBootNet: BgMainSvc - C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.04 15:49:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\fest
[2011.10.04 15:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.04 15:37:38 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2011.10.04 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.04 15:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.04 15:37:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.04 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.04 15:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.10.04 15:32:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.10.04 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.10.04 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.10.04 15:27:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.10.04 15:26:33 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\xplugin
[2011.10.04 14:44:36 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Adobe
[2011.10.04 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Mozilla
[2011.10.04 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Mozilla
[2011.10.04 13:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.10.04 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.03 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Diagnostics
[2011.10.03 11:43:34 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.10.01 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Macromedia
[2011.10.01 15:56:03 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2011.10.01 15:52:11 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Google
[2011.10.01 15:52:05 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Adobe
[2011.10.01 15:51:55 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Deployment
[2011.10.01 15:51:55 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Apps
[2011.09.26 10:03:35 | 000,000,000 | ---D | C] -- C:\img
[2011.09.23 14:57:39 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Power2Go
[2011.09.23 14:57:38 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\BullGuard
[2011.09.23 14:57:25 | 000,000,000 | R--D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.09.23 14:57:25 | 000,000,000 | R--D | C] -- C:\Users\Medion\Searches
[2011.09.23 14:57:25 | 000,000,000 | R--D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.09.23 14:57:16 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Identities
[2011.09.23 14:57:15 | 000,000,000 | R--D | C] -- C:\Users\Medion\Contacts
[2011.09.23 14:57:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.09.23 14:57:05 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\VirtualStore
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Vorlagen
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\AppData\Local\Verlauf
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\AppData\Local\Temporary Internet Files
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Startmenü
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\SendTo
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Recent
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Netzwerkumgebung
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Lokale Einstellungen
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Documents\Eigene Videos
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Documents\Eigene Musik
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Eigene Dateien
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Documents\Eigene Bilder
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Druckumgebung
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Cookies
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\AppData\Local\Anwendungsdaten
[2011.09.23 14:57:04 | 000,000,000 | -HSD | C] -- C:\Users\Medion\Anwendungsdaten
[2011.09.23 14:57:01 | 000,000,000 | --SD | C] -- C:\Users\Medion\AppData\Roaming\Microsoft
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Videos
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Saved Games
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Pictures
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Music
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Links
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Favorites
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Downloads
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Documents
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\Desktop
[2011.09.23 14:57:01 | 000,000,000 | R--D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.09.23 14:57:01 | 000,000,000 | -H-D | C] -- C:\Users\Medion\AppData
[2011.09.23 14:57:01 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Temp
[2011.09.23 14:57:01 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Microsoft
[2011.09.23 14:57:01 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Media Center Programs
[2011.09.23 14:56:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.09.23 14:56:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.09.23 14:55:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.08.31 19:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.05 10:45:51 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.05 10:45:51 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.05 10:45:51 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.05 10:45:51 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.05 10:35:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571920699-3839743047-2692850820-1000UA.job
[2011.10.05 10:35:07 | 000,002,372 | ---- | M] () -- C:\Users\Medion\Desktop\Google Chrome.lnk
[2011.10.05 10:34:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.05 01:33:27 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.05 01:33:27 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.05 01:26:56 | 000,383,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.05 01:26:00 | 2760,843,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.04 15:57:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571920699-3839743047-2692850820-1000Core.job
[2011.10.04 15:38:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.10.04 15:38:04 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft IntelliPoint installieren.lnk
[2011.10.04 15:37:35 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.04 15:28:14 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.10.01 15:56:03 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2011.09.26 10:03:38 | 000,012,296 | ---- | M] () -- C:\mqaReport_q.html
[2011.09.23 15:54:56 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.09.23 15:20:47 | 000,000,560 | ---- | M] () -- C:\Users\Public\Desktop\WST Report.lnk
 
========== Files Created - No Company Name ==========
 
[2011.10.04 15:38:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.10.04 15:38:04 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft IntelliPoint installieren.lnk
[2011.10.04 15:37:35 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.04 15:27:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.10.04 15:27:44 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.10.04 13:56:47 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.04 13:52:56 | 000,002,372 | ---- | C] () -- C:\Users\Medion\Desktop\Google Chrome.lnk
[2011.10.03 11:44:34 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.10.03 11:43:13 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.10.03 11:43:05 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011.10.01 15:52:14 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571920699-3839743047-2692850820-1000UA.job
[2011.10.01 15:52:13 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3571920699-3839743047-2692850820-1000Core.job
[2011.09.26 10:03:38 | 000,012,296 | ---- | C] () -- C:\mqaReport_q.html
[2011.09.23 15:50:37 | 2760,843,264 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.23 15:20:47 | 000,000,560 | ---- | C] () -- C:\Users\Public\Desktop\WST Report.lnk
[2011.09.23 14:57:27 | 000,001,417 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.08.31 19:46:18 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.08.31 19:46:12 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.08.31 19:46:10 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.08.31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.08.31 19:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010.03.13 06:58:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.03.03 12:55:22 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.02 07:40:12 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.03.02 07:40:12 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.03.02 07:39:10 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.03.02 06:59:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,383,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.09.23 14:57:48 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\BullGuard
[2011.10.04 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\xplugin
[2009.07.14 06:53:46 | 000,013,480 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.04 14:44:36 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Adobe
[2011.09.23 14:57:48 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\BullGuard
[2011.09.23 14:57:16 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Identities
[2011.10.01 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Macromedia
[2011.10.04 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Media Center Programs
[2011.10.04 23:05:56 | 000,000,000 | --SD | M] -- C:\Users\Medion\AppData\Roaming\Microsoft
[2011.10.04 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Mozilla
[2011.10.04 15:26:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\xplugin
 
< %APPDATA%\*.exe /s >
[2011.09.19 09:30:04 | 012,697,088 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\xplugin\ffmpeg.exe
[2011.09.19 09:30:04 | 001,242,112 | ---- | M] (Synatix GmbH) -- C:\Users\Medion\AppData\Roaming\xplugin\uninstall.exe
[2011.09.19 09:30:04 | 001,020,928 | ---- | M] (Synatix GmbH) -- C:\Users\Medion\AppData\Roaming\xplugin\ytdl.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---



Thanks and regards!

DieTrojanPlz 05.10.2011 14:46

Is the output log correct like this?

Regards!

cosinus 05.10.2011 16:25

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Suche"
FF - user.js..browser.search.order.1: "Suche"
FF - user.js..browser.search.defaultenginename: "Suche"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.04.18 23:41:20 | 000,000,089 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

DieTrojanPlz 05.10.2011 16:51

OK, here is the log:


PHP-Code:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /value set successfully!
Prefs.js: "Suche" removed from browser.search.defaultenginename
Prefs.js: "Suche" removed from browser.search.order.1
Prefs.js: "Suche" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\Medion\AppData\Roaming\Mozilla\FireFox\Profiles\c9al74jl.default\user.js moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:/value set successfully!
C:\autoexec.bat moved successfully.
F:\autorun.inf moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Medion
->Temp folder emptied: 303408912 bytes
->Temporary Internet Files folder emptied: 409897969 bytes
->FireFox cache emptied: 37674246 bytes
->Google Chrome cache emptied: 21095089 bytes
->Flash cache emptied: 15360 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20544 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned 736,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer Version 3.2.29.1 log created on 10052011_173951

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Unfortunately, the folders still cannot be opened. :heulen:
Is there anything else that can be done?
Regards!

cosinus 05.10.2011 17:24

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

DieTrojanPlz 05.10.2011 17:43

It seems to me that the program unfortunately found nothing. The folders are unfortunately still shortcuts as well and cannot be opened.

Here is the scan log:

Code:

18:30:54.0509 4724        TDSS rootkit removing tool 2.6.4.0 Oct  3 2011 17:37:01
18:30:54.0727 4724        ============================================================
18:30:54.0727 4724        Current date / time: 2011/10/05 18:30:54.0727
18:30:54.0727 4724        SystemInfo:
18:30:54.0727 4724       
18:30:54.0727 4724        OS Version: 6.1.7601 ServicePack: 1.0
18:30:54.0727 4724        Product type: Workstation
18:30:54.0727 4724        ComputerName: MEDION-PC
18:30:54.0727 4724        UserName: Medion
18:30:54.0727 4724        Windows directory: C:\Windows
18:30:54.0727 4724        System windows directory: C:\Windows
18:30:54.0727 4724        Processor architecture: Intel x86
18:30:54.0727 4724        Number of processors: 4
18:30:54.0727 4724        Page size: 0x1000
18:30:54.0727 4724        Boot type: Normal boot
18:30:54.0727 4724        ============================================================
18:30:55.0320 4724        Initialize success
18:31:26.0863 0912        ============================================================
18:31:26.0863 0912        Scan started
18:31:26.0863 0912        Mode: Manual; SigCheck; TDLFS;
18:31:26.0863 0912        ============================================================
18:31:27.0518 0912        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:31:27.0596 0912        1394ohci - ok
18:31:27.0737 0912        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:31:27.0752 0912        ACPI - ok
18:31:27.0877 0912        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:31:27.0924 0912        AcpiPmi - ok
18:31:28.0049 0912        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:31:28.0080 0912        adp94xx - ok
18:31:28.0205 0912        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:31:28.0236 0912        adpahci - ok
18:31:28.0345 0912        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:31:28.0376 0912        adpu320 - ok
18:31:28.0501 0912        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:31:28.0548 0912        AFD - ok
18:31:28.0657 0912        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:31:28.0673 0912        agp440 - ok
18:31:28.0782 0912        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:31:28.0797 0912        aic78xx - ok
18:31:28.0953 0912        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:31:28.0969 0912        aliide - ok
18:31:29.0078 0912        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:31:29.0094 0912        amdagp - ok
18:31:29.0234 0912        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:31:29.0250 0912        amdide - ok
18:31:29.0343 0912        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:31:29.0375 0912        AmdK8 - ok
18:31:29.0484 0912        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:31:29.0499 0912        AmdPPM - ok
18:31:29.0624 0912        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:31:29.0640 0912        amdsata - ok
18:31:29.0780 0912        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:31:29.0796 0912        amdsbs - ok
18:31:29.0905 0912        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:31:29.0921 0912        amdxata - ok
18:31:30.0045 0912        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:31:30.0092 0912        AppID - ok
18:31:30.0217 0912        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:31:30.0233 0912        arc - ok
18:31:30.0326 0912        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:31:30.0342 0912        arcsas - ok
18:31:30.0467 0912        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:31:30.0513 0912        AsyncMac - ok
18:31:30.0638 0912        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:31:30.0654 0912        atapi - ok
18:31:30.0779 0912        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:31:30.0857 0912        b06bdrv - ok
18:31:30.0966 0912        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:31:30.0997 0912        b57nd60x - ok
18:31:31.0169 0912        BdFileSpy      (8c455a0b7bcd2bec2919a4da525d53bd) C:\Windows\system32\drivers\BdFileSpy.sys
18:31:31.0215 0912        BdFileSpy - ok
18:31:31.0340 0912        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:31:31.0403 0912        Beep - ok
18:31:31.0574 0912        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:31:31.0590 0912        blbdrive - ok
18:31:31.0715 0912        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:31:31.0746 0912        bowser - ok
18:31:31.0824 0912        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:31:31.0855 0912        BrFiltLo - ok
18:31:31.0886 0912        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:31:31.0917 0912        BrFiltUp - ok
18:31:32.0058 0912        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:31:32.0089 0912        Brserid - ok
18:31:32.0198 0912        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:31:32.0229 0912        BrSerWdm - ok
18:31:32.0323 0912        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:31:32.0370 0912        BrUsbMdm - ok
18:31:32.0479 0912        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:31:32.0510 0912        BrUsbSer - ok
18:31:32.0666 0912        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:31:32.0697 0912        BTHMODEM - ok
18:31:32.0853 0912        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:31:32.0916 0912        cdfs - ok
18:31:33.0041 0912        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:31:33.0087 0912        cdrom - ok
18:31:33.0212 0912        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:31:33.0259 0912        circlass - ok
18:31:33.0368 0912        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:31:33.0384 0912        CLFS - ok
18:31:33.0540 0912        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:31:33.0555 0912        CmBatt - ok
18:31:33.0665 0912        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:31:33.0696 0912        cmdide - ok
18:31:33.0774 0912        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:31:33.0805 0912        CNG - ok
18:31:33.0930 0912        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:31:33.0945 0912        Compbatt - ok
18:31:34.0070 0912        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:31:34.0101 0912        CompositeBus - ok
18:31:34.0179 0912        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:31:34.0211 0912        crcdisk - ok
18:31:34.0335 0912        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:31:34.0382 0912        DfsC - ok
18:31:34.0429 0912        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:31:34.0460 0912        discache - ok
18:31:34.0569 0912        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:31:34.0585 0912        Disk - ok
18:31:34.0694 0912        dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
18:31:34.0757 0912        dot4 - ok
18:31:34.0850 0912        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:31:34.0881 0912        Dot4Print - ok
18:31:34.0959 0912        Dot4Scan        (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
18:31:35.0006 0912        Dot4Scan - ok
18:31:35.0115 0912        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
18:31:35.0162 0912        dot4usb - ok
18:31:35.0271 0912        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:31:35.0318 0912        drmkaud - ok
18:31:35.0396 0912        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:31:35.0443 0912        DXGKrnl - ok
18:31:35.0615 0912        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:31:35.0677 0912        ebdrv - ok
18:31:35.0802 0912        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:31:35.0833 0912        elxstor - ok
18:31:35.0880 0912        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:31:35.0911 0912        ErrDev - ok
18:31:36.0051 0912        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:31:36.0114 0912        exfat - ok
18:31:36.0254 0912        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:31:36.0317 0912        fastfat - ok
18:31:36.0426 0912        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:31:36.0457 0912        fdc - ok
18:31:36.0535 0912        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:31:36.0566 0912        FileInfo - ok
18:31:36.0613 0912        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:31:36.0675 0912        Filetrace - ok
18:31:36.0769 0912        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:31:36.0800 0912        flpydisk - ok
18:31:36.0878 0912        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:31:36.0909 0912        FltMgr - ok
18:31:37.0003 0912        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:31:37.0019 0912        FsDepends - ok
18:31:37.0081 0912        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:31:37.0097 0912        Fs_Rec - ok
18:31:37.0237 0912        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:31:37.0253 0912        fvevol - ok
18:31:37.0315 0912        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:31:37.0315 0912        gagp30kx - ok
18:31:37.0409 0912        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:31:37.0440 0912        hcw85cir - ok
18:31:37.0565 0912        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:31:37.0611 0912        HdAudAddService - ok
18:31:37.0721 0912        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:31:37.0752 0912        HDAudBus - ok
18:31:37.0799 0912        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
18:31:37.0830 0912        HECI - ok
18:31:37.0923 0912        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:31:37.0955 0912        HidBatt - ok
18:31:38.0017 0912        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:31:38.0048 0912        HidBth - ok
18:31:38.0173 0912        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:31:38.0189 0912        HidIr - ok
18:31:38.0313 0912        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:31:38.0345 0912        HidUsb - ok
18:31:38.0407 0912        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:31:38.0438 0912        HpSAMD - ok
18:31:38.0563 0912        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:31:38.0610 0912        HTTP - ok
18:31:38.0657 0912        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:31:38.0657 0912        hwpolicy - ok
18:31:38.0719 0912        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:31:38.0766 0912        i8042prt - ok
18:31:38.0875 0912        iaStor          (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys
18:31:38.0906 0912        iaStor - ok
18:31:39.0031 0912        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:31:39.0062 0912        iaStorV - ok
18:31:39.0343 0912        igfx            (24ccec128bebb148e50c6093523ad686) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:31:39.0686 0912        igfx - ok
18:31:39.0780 0912        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:31:39.0795 0912        iirsp - ok
18:31:39.0905 0912        Impcd          (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
18:31:39.0936 0912        Impcd - ok
18:31:40.0139 0912        IntcAzAudAddService (e4d9b6d1b012db75a01729bc3d4c5b56) C:\Windows\system32\drivers\RTKVHDA.sys
18:31:40.0201 0912        IntcAzAudAddService - ok
18:31:40.0310 0912        IntcDAud        (4ea6b57a3b71fd1a208af054e97fba37) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:31:40.0341 0912        IntcDAud - ok
18:31:40.0451 0912        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:31:40.0482 0912        intelide - ok
18:31:40.0591 0912        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:31:40.0622 0912        intelppm - ok
18:31:40.0716 0912        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:31:40.0778 0912        IpFilterDriver - ok
18:31:40.0887 0912        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:31:40.0919 0912        IPMIDRV - ok
18:31:40.0950 0912        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:31:41.0012 0912        IPNAT - ok
18:31:41.0106 0912        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:31:41.0137 0912        IRENUM - ok
18:31:41.0199 0912        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:31:41.0215 0912        isapnp - ok
18:31:41.0277 0912        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:31:41.0309 0912        iScsiPrt - ok
18:31:41.0371 0912        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:31:41.0402 0912        kbdclass - ok
18:31:41.0511 0912        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:31:41.0543 0912        kbdhid - ok
18:31:41.0605 0912        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:31:41.0621 0912        KSecDD - ok
18:31:41.0714 0912        KSecPkg        (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:31:41.0730 0912        KSecPkg - ok
18:31:41.0855 0912        L1C            (6ef8146358452995a4a9335e44abb015) C:\Windows\system32\DRIVERS\L1C62x86.sys
18:31:41.0855 0912        L1C - ok
18:31:41.0979 0912        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:31:42.0026 0912        lltdio - ok
18:31:42.0167 0912        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:31:42.0182 0912        LSI_FC - ok
18:31:42.0245 0912        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:31:42.0260 0912        LSI_SAS - ok
18:31:42.0307 0912        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:31:42.0323 0912        LSI_SAS2 - ok
18:31:42.0416 0912        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:31:42.0432 0912        LSI_SCSI - ok
18:31:42.0494 0912        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:31:42.0557 0912        luafv - ok
18:31:42.0681 0912        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
18:31:42.0697 0912        MBAMProtector - ok
18:31:42.0759 0912        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:31:42.0775 0912        megasas - ok
18:31:42.0869 0912        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:31:42.0900 0912        MegaSR - ok
18:31:43.0025 0912        mod7700        (5b9ca81817e046666e7abf8b9b101545) C:\Windows\system32\DRIVERS\mod7700.sys
18:31:43.0056 0912        mod7700 - ok
18:31:43.0118 0912        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:31:43.0165 0912        Modem - ok
18:31:43.0274 0912        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:31:43.0321 0912        monitor - ok
18:31:43.0446 0912        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:31:43.0461 0912        mouclass - ok
18:31:43.0508 0912        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:31:43.0539 0912        mouhid - ok
18:31:43.0680 0912        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:31:43.0695 0912        mountmgr - ok
18:31:43.0742 0912        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:31:43.0773 0912        mpio - ok
18:31:43.0805 0912        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:31:43.0867 0912        mpsdrv - ok
18:31:43.0976 0912        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:31:44.0023 0912        MRxDAV - ok
18:31:44.0070 0912        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:31:44.0117 0912        mrxsmb - ok
18:31:44.0132 0912        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:31:44.0179 0912        mrxsmb10 - ok
18:31:44.0210 0912        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:31:44.0241 0912        mrxsmb20 - ok
18:31:44.0351 0912        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:31:44.0366 0912        msahci - ok
18:31:44.0429 0912        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:31:44.0460 0912        msdsm - ok
18:31:44.0569 0912        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:31:44.0616 0912        Msfs - ok
18:31:44.0663 0912        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:31:44.0709 0912        mshidkmdf - ok
18:31:44.0772 0912        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:31:44.0787 0912        msisadrv - ok
18:31:44.0912 0912        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:31:44.0975 0912        MSKSSRV - ok
18:31:45.0084 0912        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:31:45.0146 0912        MSPCLOCK - ok
18:31:45.0193 0912        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:31:45.0240 0912        MSPQM - ok
18:31:45.0349 0912        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:31:45.0365 0912        MsRPC - ok
18:31:45.0474 0912        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:31:45.0489 0912        mssmbios - ok
18:31:45.0536 0912        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:31:45.0599 0912        MSTEE - ok
18:31:45.0692 0912        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:31:45.0739 0912        MTConfig - ok
18:31:45.0801 0912        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:31:45.0817 0912        Mup - ok
18:31:45.0942 0912        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:31:45.0973 0912        NativeWifiP - ok
18:31:46.0113 0912        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:31:46.0160 0912        NDIS - ok
18:31:46.0191 0912        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:31:46.0254 0912        NdisCap - ok
18:31:46.0347 0912        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:31:46.0410 0912        NdisTapi - ok
18:31:46.0503 0912        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:31:46.0535 0912        Ndisuio - ok
18:31:46.0597 0912        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:31:46.0675 0912        NdisWan - ok
18:31:46.0800 0912        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:31:46.0862 0912        NDProxy - ok
18:31:46.0925 0912        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:31:46.0987 0912        NetBIOS - ok
18:31:47.0096 0912        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:31:47.0159 0912        NetBT - ok
18:31:47.0283 0912        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:31:47.0299 0912        nfrd960 - ok
18:31:47.0408 0912        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:31:47.0471 0912        Npfs - ok
18:31:47.0549 0912        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:31:47.0611 0912        nsiproxy - ok
18:31:47.0767 0912        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:31:47.0861 0912        Ntfs - ok
18:31:47.0892 0912        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:31:47.0923 0912        Null - ok
18:31:48.0063 0912        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:31:48.0079 0912        nvraid - ok
18:31:48.0110 0912        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:31:48.0141 0912        nvstor - ok
18:31:48.0157 0912        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:31:48.0173 0912        nv_agp - ok
18:31:48.0313 0912        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:31:48.0344 0912        ohci1394 - ok
18:31:48.0469 0912        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:31:48.0500 0912        Parport - ok
18:31:48.0609 0912        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:31:48.0625 0912        partmgr - ok
18:31:48.0672 0912        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:31:48.0687 0912        Parvdm - ok
18:31:48.0750 0912        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:31:48.0765 0912        pci - ok
18:31:48.0812 0912        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:31:48.0828 0912        pciide - ok
18:31:48.0890 0912        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:31:48.0906 0912        pcmcia - ok
18:31:48.0968 0912        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:31:48.0984 0912        pcw - ok
18:31:48.0999 0912        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:31:49.0077 0912        PEAUTH - ok
18:31:49.0218 0912        Point32        (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
18:31:49.0233 0912        Point32 - ok
18:31:49.0343 0912        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:31:49.0405 0912        PptpMiniport - ok
18:31:49.0452 0912        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:31:49.0483 0912        Processor - ok
18:31:49.0592 0912        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:31:49.0623 0912        Psched - ok
18:31:49.0779 0912        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:31:49.0826 0912        ql2300 - ok
18:31:49.0873 0912        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:31:49.0873 0912        ql40xx - ok
18:31:49.0920 0912        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:31:49.0935 0912        QWAVEdrv - ok
18:31:49.0967 0912        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:31:50.0029 0912        RasAcd - ok
18:31:50.0138 0912        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:31:50.0185 0912        RasAgileVpn - ok
18:31:50.0216 0912        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:31:50.0263 0912        Rasl2tp - ok
18:32:01.0121 0912        ============================================================
18:32:01.0121 0912        Scan finished
18:32:01.0121 0912        ============================================================
18:32:01.0136 5708        Detected object count: 0
18:32:01.0136 5708        Actual detected object count: 0


cosinus 05.10.2011 17:45

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

DieTrojanPlz 05.10.2011 23:51

Wonderful! That worked!!! :applaus: Thank you very much! The only problem is that I can no longer use the applications on the laptop now, so not Internet Explorer, Chrome etc. either (I am writing from my old computer right now).

Here is the log:

Code:

ComboFix 11-10-05.02 - Medion 05.10.2011  23:37:36.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3511.2602 [GMT 2:00]
ausgeführt von:: c:\users\Medion\Downloads\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-09-05 bis 2011-10-05  ))))))))))))))))))))))))))))))
.
.
2011-10-05 21:42 . 2011-10-05 21:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-10-05 21:19 . 2011-10-05 21:19        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C565C9B0-CBF0-46D5-A885-E7AD236FC2BB}\offreg.dll
2011-10-05 15:39 . 2011-10-05 15:39        --------        d-----w-        C:\_OTL
2011-10-05 12:29 . 2011-10-05 12:30        --------        d-----w-        c:\program files\Microsoft IntelliPoint
2011-10-04 23:15 . 2011-10-04 23:15        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-10-04 13:47 . 2011-10-04 13:47        --------        d-----w-        c:\program files\ESET
2011-10-04 13:37 . 2011-10-04 13:37        --------        d-----w-        c:\programdata\Malwarebytes
2011-10-04 13:37 . 2011-10-04 13:37        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-10-04 13:37 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-10-04 13:32 . 2011-10-04 13:32        --------        d-----w-        c:\windows\system32\SPReview
2011-10-04 13:32 . 2011-10-04 13:32        --------        d-----w-        c:\windows\system32\EventProviders
2011-10-04 13:29 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll
2011-10-04 13:29 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\system32\DWrite.dll
2011-10-04 13:29 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-10-04 13:27 . 2011-10-04 13:27        --------        d-----w-        c:\program files\Common Files\Adobe
2011-10-04 13:27 . 2011-10-04 13:27        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 11:07 . 2011-09-21 07:00        7269712        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C565C9B0-CBF0-46D5-A885-E7AD236FC2BB}\mpengine.dll
2011-10-03 09:43 . 2010-11-20 12:30        28032        ----a-w-        c:\windows\system32\drivers\msahci.sys
2011-10-03 09:42 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\system32\wdscore.dll
2011-10-03 09:42 . 2010-11-20 12:21        363008        ----a-w-        c:\windows\system32\wbemcomn.dll
2011-10-03 09:42 . 2010-11-20 12:21        189952        ----a-w-        c:\program files\Windows Portable Devices\sqmapi.dll
2011-10-03 09:42 . 2010-11-20 12:19        606208        ----a-w-        c:\windows\system32\wbem\fastprox.dll
2011-10-03 09:42 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\system32\sqmapi.dll
2011-10-01 15:01 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-10-01 14:02 . 2011-06-21 05:34        1290624        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-10-01 14:01 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-10-01 14:01 . 2010-11-20 12:18        219136        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-10-01 14:01 . 2011-03-11 05:33        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-10-01 14:01 . 2011-03-11 05:33        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-10-01 14:01 . 2011-02-23 04:47        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-10-01 14:01 . 2011-04-22 19:14        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-10-01 14:01 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-10-01 14:01 . 2011-02-03 05:54        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-10-01 14:01 . 2010-11-20 12:29        728448        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-10-01 14:01 . 2010-11-20 11:56        107520        ----a-w-        c:\windows\system32\cdd.dll
2011-10-01 13:56 . 2011-10-01 13:56        87376        ----a-w-        c:\windows\system32\BGLsp.dll
2011-09-26 08:03 . 2011-09-26 08:03        --------        d-----w-        C:\img
2011-09-23 12:57 . 2011-09-23 12:57        --------        d-----w-        c:\users\Medion
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 23:21 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-08-31 18:10 . 2011-08-31 18:10        8198936        ----a-w-        c:\windows\system32\TVWSetup.exe
2011-08-31 18:10 . 2011-08-31 18:10        142616        ----a-w-        c:\windows\system32\igfxtray.exe
2011-08-31 18:09 . 2011-08-31 18:09        267544        ----a-w-        c:\windows\system32\igfxsrvc.exe
2011-08-31 18:09 . 2011-08-31 18:09        176408        ----a-w-        c:\windows\system32\igfxpers.exe
2011-08-31 18:09 . 2011-08-31 18:09        188184        ----a-w-        c:\windows\system32\igfxext.exe
2011-08-31 18:09 . 2011-08-31 18:09        177432        ----a-w-        c:\windows\system32\hkcmd.exe
2011-08-31 18:09 . 2011-08-31 18:09        4699416        ----a-w-        c:\windows\system32\GfxUI.exe
2011-08-31 17:57 . 2011-08-31 17:57        81920        ----a-w-        c:\windows\system32\igfxCoIn_v2509.dll
2011-08-31 17:48 . 2011-08-31 17:48        10855424        ----a-w-        c:\windows\system32\drivers\igdkmd32.sys
2011-08-31 17:47 . 2010-03-12 11:07        6322688        ----a-w-        c:\windows\system32\igdumd32.dll
2011-08-31 17:45 . 2010-03-12 11:07        581120        ----a-w-        c:\windows\system32\igdumdx32.dll
2011-08-31 17:37 . 2010-03-12 11:07        12340224        ----a-w-        c:\windows\system32\igd10umd32.dll
2011-08-31 17:26 . 2011-08-31 17:26        13903872        ----a-w-        c:\windows\system32\ig4icd32.dll
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrsky.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrrom.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrhrv.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrtrk.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrslv.lrc
2011-08-31 17:19 . 2011-08-31 17:19        283648        ----a-w-        c:\windows\system32\igfxrtha.lrc
2011-08-31 17:19 . 2011-08-31 17:19        285184        ----a-w-        c:\windows\system32\igfxresn.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrsve.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrrus.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrptg.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrptb.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrplk.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrnor.lrc
2011-08-31 17:19 . 2011-08-31 17:19        281088        ----a-w-        c:\windows\system32\igfxrkor.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrita.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrhun.lrc
2011-08-31 17:19 . 2011-08-31 17:19        281600        ----a-w-        c:\windows\system32\igfxrjpn.lrc
2011-08-31 17:19 . 2011-08-31 17:19        285184        ----a-w-        c:\windows\system32\igfxrell.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrdeu.lrc
2011-08-31 17:19 . 2011-08-31 17:19        283136        ----a-w-        c:\windows\system32\igfxrheb.lrc
2011-08-31 17:19 . 2011-08-31 17:19        285184        ----a-w-        c:\windows\system32\igfxrfra.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284672        ----a-w-        c:\windows\system32\igfxrnld.lrc
2011-08-31 17:19 . 2011-08-31 17:19        284160        ----a-w-        c:\windows\system32\igfxrfin.lrc
2011-08-31 17:19 . 2011-08-31 17:19        283648        ----a-w-        c:\windows\system32\igfxrdan.lrc
2011-08-31 17:18 . 2011-08-31 17:18        284672        ----a-w-        c:\windows\system32\igfxrcsy.lrc
2011-08-31 17:18 . 2011-08-31 17:18        280576        ----a-w-        c:\windows\system32\igfxrcht.lrc
2011-08-31 17:18 . 2011-08-31 17:18        280576        ----a-w-        c:\windows\system32\igfxrchs.lrc
2011-08-31 17:18 . 2011-08-31 17:18        283136        ----a-w-        c:\windows\system32\igfxrara.lrc
2011-08-31 17:16 . 2010-03-12 11:07        306176        ----a-w-        c:\windows\system32\igfxpph.dll
2011-08-31 17:16 . 2011-08-31 17:16        260608        ----a-w-        c:\windows\system32\igfxTMM.dll
2011-08-31 17:16 . 2011-08-31 17:16        24576        ----a-w-        c:\windows\system32\igfxexps.dll
2011-08-31 17:16 . 2011-08-31 17:16        120320        ----a-w-        c:\windows\system32\igfxcpl.cpl
2011-08-31 17:16 . 2010-03-12 11:07        57856        ----a-w-        c:\windows\system32\igfxsrvc.dll
2011-08-31 17:16 . 2011-08-31 17:16        130048        ----a-w-        c:\windows\system32\igfxdo.dll
2011-08-31 17:15 . 2010-03-12 11:07        96256        ----a-w-        c:\windows\system32\hccutils.dll
2011-08-31 17:15 . 2011-08-31 17:15        4096        ----a-w-        c:\windows\system32\IGFXDEVLib.dll
2011-08-31 17:15 . 2011-08-31 17:15        146944        ----a-w-        c:\windows\system32\gfxSrvc.dll
2011-08-31 17:15 . 2010-03-12 11:07        294400        ----a-w-        c:\windows\system32\igfxdev.dll
2011-08-31 17:15 . 2011-08-31 17:15        283648        ----a-w-        c:\windows\system32\igfxrenu.lrc
2011-08-31 17:15 . 2010-03-12 11:07        9030656        ----a-w-        c:\windows\system32\igfxress.dll
2011-08-31 17:13 . 2011-08-31 17:13        98304        ----a-w-        c:\windows\system32\iglhcp32.dll
2011-08-31 17:13 . 2011-08-31 17:13        94208        ----a-w-        c:\windows\system32\IccLibDll.dll
2011-08-31 17:13 . 2011-08-31 17:13        376832        ----a-w-        c:\windows\system32\iglhsip32.dll
2011-08-31 17:13 . 2011-08-31 17:13        162816        ----a-w-        c:\windows\system32\igfxcmrt32.dll
2011-08-01 13:56 . 2011-08-01 13:56        40936        ----a-w-        c:\windows\system32\drivers\point32.sys
2011-09-29 07:09 . 2011-10-04 11:56        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29}"= "c:\users\Medion\AppData\Roaming\xplugin\toolbar.dll" [2011-09-19 633344]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-18272be37e29}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2011-10-01 304464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-02 8522272]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-03-02 678432]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2011-10-01 304464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 176408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
.
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2009-01-23 55504]
S2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 232448]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-12-22 65576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard        REG_MULTI_SZ          BgMainSvc BsFileScan BsMailProxy
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571920699-3839743047-2692850820-1000Core.job
- c:\users\Medion\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 13:52]
.
2011-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571920699-3839743047-2692850820-1000UA.job
- c:\users\Medion\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 13:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\c9al74jl.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-10-05  23:44:02
ComboFix-quarantined-files.txt  2011-10-05 21:44
.
Vor Suchlauf: 9 Verzeichnis(se), 427.187.761.152 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 426.720.559.104 Bytes frei
.
- - End Of File - - 78104F6C9BC7C6AE271799F14A066B83


cosinus 06.10.2011 12:51

Quote:

that I can no longer use the applications on the laptop now
Did you restart Windows?

DieTrojanPlz 06.10.2011 18:07

Yes, that was it :pfeiff:

Everything works now :applaus:

Thank you very, very much! :party:

:Boogie::Boogie::Boogie:

cosinus 07.10.2011 15:32

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


