Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Blockiert 50 Euro Zahlungsaufforderung Ukash (https://www.trojaner-board.de/109197-windows-blockiert-50-euro-zahlungsaufforderung-ukash.html)

Hattinger 06.02.2012 00:36
Windows Blockiert 50 Euro Zahlungsaufforderung Ukash
 
Hallo zusammen, Danke schonmal für Interesse an dem Problem! ich habe wie viele andere Nutzer auch ein Problem mit einem Virus/Trojaner? der wenige Minuten nach PC Start den Computer blockiert mit der Meldung:

"Achtung ! aus Sicherheitsgründen wurde ihr Windowssystem blockiert.
Durch das Besuchen von Seiten mit infizierten und pornografischen Inhalten ist das Computersystem an eine kritische Grenze angekommen, nach der das System zusammenbrechen und die ganzen Dateien verloren gehen können. Um das System wiederherstellen zu können, müssen Sie ein zusätzliches Sicherheitsupdate herunterladen." (Unten waren die Symbole von KasperSky, McAfee, Avira und zwei andere. )
Zusätzlich wird man zum Zahlen von 50 Euro über eine Bezahlkarte (zb Ukash) aufgefordert.

Der PC (Windows Vista 32bit ) ist aktuell auf Grund dieses Problems nur im abgesicherten Modus benutzbar. Nachdem ich im Forum gesehen habe, dass zur Problemdiagnose OTL runtergeladen werden soll habe ich dies getan und die Diagnose laufen lassen.

Meine OTL.txt und Extras.txt Datei sind als Anhang diesem Post beigefügt. Vielen dank im Vorraus, ich weiss eure Hilfe wirklich zu schätzen!
Hattinger

cosinus 06.02.2012 09:35
Zitat:
Boot Mode: SafeMode with Networking |
na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Hattinger 06.02.2012 19:20
Vielen Dank für die Schnelle Antwort und die gute Beratung, ich habe Malwarebytes durchlaufen lassen und die gefundenen Trojaner gelöscht, kann den Pc auch wieder ohne abgesicherten Modus benutzen wie es scheint. Ich führe gleich noch den anderen Test (ESET) durch und stelle die Log dateien online.

Log von Malwarebytes Anti-Malware

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.03

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19170
Lukas :: LUKAS-PC [Administrator]

06.02.2012 18:07:23
mbam-log-2012-02-06 (18-07-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 374697
Laufzeit: 50 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Lukas\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Trojan.Agent) -> Daten: C:\Users\Lukas\M-1-52-5782-8752-5245\winsvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Lukas\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Lukas\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hattinger 06.02.2012 21:15
Ergebnis des ESET tests waren 4 Funde. Wie empfohlen habe ich diese nicht automatisch entfernen lassen.
Hier die Log Datei
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=49a11986a9798b46b25cef2c6d091d4d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-06 08:08:21
# local_time=2012-02-06 09:08:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 5708453 5708453 0 0
# compatibility_mode=5892 16776573 100 100 148018 166085777 0 0
# compatibility_mode=8192 67108863 100 0 3785 3785 0 0
# scanned=195829
# found=4
# cleaned=0
# scan_time=5851
C:\Users\Lukas\AppData\Local\Temp\nsaFFA9.tmp.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Lukas\AppData\Local\Temp\SetupDataMngr_jZip.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Lukas\Downloads\dk1.4-0.2.6.zip        probably a variant of Win32/Agent.CXDRQFS trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Lukas\Downloads\jZipV1.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

cosinus 06.02.2012 21:23
Zitat:
C:\Users\Lukas\Downloads\dk1.4-0.2.6.zip
C:\Users\Lukas\Downloads\jZipV1.exe
Was sind denn das für Dateien :wtf:
und aus welcher Quelle?

Hattinger 06.02.2012 21:41
Wenn ich das richtig sehe ist dk1.4 etc einmal als zip und einmal als ordner im download ordner vorhanden, in dem ordner befindet sich unter anderem eine exe namens dotakeys , ich glaube das sollte ursprünglich ermöglichen die Tasten in einem Pc spiel selbst zu belegen weils im spielmenü nicht ging, hat aber nie funktioniert. hatte es damals irgendwo aus dem internet. (lange her)

jzipv1 ist eine 6mb große exe datei die laut windows am 1.2.2012 erstellt wurde, ich glaube es ist ein programm zum entpacken von zip dateien, quelle weiss ich nichtmehr genau. zum programm wird noch angezeigt das es von "bandoo media inc" stammt.

Hilft das irgendwie weiter oder brauchst du noch mehr Angaben?
Grüße
Hattinger

cosinus 06.02.2012 21:54
Ja das reicht erstma :)
Funktioniert der normale Modus inzwischen wieder?

Hattinger 06.02.2012 21:59
Ja der normale Modus geht wieder, seitdem Malwarebytes aufgeräumt hat. Daher schonmal vielen Dank für die Unterstützung bisher , bleibt die Frage was mit den Funden von ESET zu tun ist ;) ?

Grüße
Hattinger

cosinus 06.02.2012 22:00
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Hattinger 07.02.2012 15:39
Alles klar hab OTL wie angegeben durchlaufen lassen, hier der/die/das log
OTL Logfile:
Code:
OTL logfile created on: 07.02.2012 15:17:42 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Lukas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,64% Memory free
6,23 Gb Paging File | 5,24 Gb Available in Paging File | 84,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270,45 Gb Total Space | 162,13 Gb Free Space | 59,95% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 57,16 Gb Free Space | 29,27% Space Free | Partition Type: NTFS
Drive E: | 302,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Lukas\AppData\Local\Temp\CmdLineExt02.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Creative HOAL Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (skfiltv) -- C:\Windows\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 35 5B 2A 4C E3 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.04 13:11:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.01 00:56:37 | 000,000,000 | ---D | M]
 
[2008.08.05 23:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.02.05 23:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\fwgaeijc.default\extensions
[2011.12.19 21:23:47 | 000,000,933 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\fwgaeijc.default\searchplugins\11-suche.xml
[2011.12.19 21:23:47 | 000,002,419 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\fwgaeijc.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 21:23:47 | 000,010,525 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\fwgaeijc.default\searchplugins\gmx-suche.xml
[2011.12.19 21:23:47 | 000,002,457 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\fwgaeijc.default\searchplugins\lastminute.xml
[2011.12.19 21:23:47 | 000,005,508 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\fwgaeijc.default\searchplugins\webde-suche.xml
[2012.01.08 17:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.05 19:30:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.04 13:11:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.08 13:26:08 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2012.01.08 17:47:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.08 17:47:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.08 17:47:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.08 17:47:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.08 17:47:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.08 17:47:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON BX635FWD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF1E03C7-63AD-42DF-B789-CED4E49C056E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 16:39:12 | 000,000,061 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05837e3f-bb4e-11df-9a0e-0018370916ce}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- [2010.11.23 15:04:39 | 001,565,280 | R--- | M] (HanseNet Telekommunikation GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Lukas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A5620B4-DF34-F099-411B-939B68A9CD4D} -
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2CB7C200-D726-4C1A-FB87-7933FFB61669} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5410A356-6231-EED4-3BFF-4E8858EDEB26} - Microsoft Windows Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A3CC4BFF-DD7D-878D-68E6-E7079F3D9F63} - Microsoft Windows Media Player
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.06 19:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.06 19:23:42 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lukas\Desktop\esetsmartinstaller_enu.exe
[2012.02.06 18:05:59 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2012.02.06 18:05:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.06 18:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.06 18:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 18:03:01 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Lukas\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.05 23:57:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2012.02.01 20:13:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\jZip
[2012.02.01 20:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2012.02.01 20:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.07 15:07:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.07 15:07:43 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 15:07:43 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 15:07:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 15:07:31 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.06 21:46:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.06 19:23:42 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lukas\Desktop\esetsmartinstaller_enu.exe
[2012.02.06 18:05:55 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.06 18:03:03 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Lukas\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.05 23:57:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2012.02.05 23:11:51 | 001,589,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.05 22:34:21 | 000,001,356 | ---- | M] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2012.01.27 12:26:02 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.01.17 22:12:57 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 22:12:57 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 22:12:57 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 22:12:57 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.06 19:09:54 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.06 18:05:55 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.11.10 20:18:18 | 000,017,460 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.11.06 19:47:30 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.05 17:02:06 | 000,006,769 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\.freeciv-client-rc-2.2
[2011.02.18 00:12:23 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010.10.22 15:00:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.22 15:00:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.10.22 14:23:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.09.08 16:26:52 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.08.05 18:14:21 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.05 18:14:21 | 000,138,056 | ---- | C] () -- C:\Users\Lukas\AppData\Roaming\PnkBstrK.sys
[2010.08.05 18:14:09 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.08.05 18:14:08 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.08.05 18:14:08 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.03.15 00:57:08 | 000,025,262 | ---- | C] () -- C:\Windows\System32\xfisk.ini
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.21 11:38:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.21 11:05:50 | 000,000,052 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.07.21 11:05:23 | 000,001,209 | R--- | C] () -- C:\Windows\xfiskcfg.ini
[2009.07.21 11:05:17 | 000,127,488 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.07.21 11:05:17 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.05.26 23:35:48 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2009.03.30 13:18:51 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008.09.19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.11 22:52:53 | 000,039,936 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.07 00:55:19 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2008.08.05 22:07:43 | 000,000,552 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d8caps.dat
[2008.08.05 21:58:57 | 000,000,290 | ---- | C] () -- C:\Windows\lgfwup.ini
[2008.08.05 21:51:11 | 000,001,356 | ---- | C] () -- C:\Users\Lukas\AppData\Local\d3d9caps.dat
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 16:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,589,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2011.03.05 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.freeciv
[2011.02.14 22:21:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Advanced Chemistry Development
[2008.08.05 23:18:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FDRLab
[2011.03.06 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\fretsonfire
[2011.03.05 16:55:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\GetRightToGo
[2012.01.06 22:58:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2008.08.24 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ Toolbar
[2011.11.20 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Leadertech
[2009.11.23 02:37:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009.03.26 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\pokerth
[2010.01.20 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TS3Client
[2009.05.27 13:35:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Zylom
[2012.02.06 22:00:55 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.05 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.freeciv
[2009.11.23 02:27:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Adobe
[2011.02.14 22:21:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Advanced Chemistry Development
[2008.08.15 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Ahead
[2010.11.28 15:21:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Apple Computer
[2011.12.02 18:55:42 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Avira
[2011.12.29 16:32:10 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Creative
[2008.09.22 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\CyberLink
[2008.11.17 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DivX
[2008.08.05 23:18:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\FDRLab
[2011.03.06 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\fretsonfire
[2011.03.05 16:55:57 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\GetRightToGo
[2012.01.06 22:58:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ
[2008.08.24 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ Toolbar
[2009.05.27 13:35:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Identities
[2009.07.18 13:18:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\InstallShield
[2011.11.20 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Leadertech
[2009.11.23 02:37:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2008.08.05 23:57:03 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Macromedia
[2012.02.06 18:05:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs
[2012.02.05 22:42:03 | 000,000,000 | --SD | M] -- C:\Users\Lukas\AppData\Roaming\Microsoft
[2008.08.05 23:26:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Mozilla
[2011.11.07 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\NVIDIA
[2012.01.27 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org2
[2009.03.26 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\pokerth
[2012.01.08 02:53:14 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Skype
[2011.08.31 09:51:05 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\skypePM
[2009.12.13 20:16:26 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\teamspeak2
[2010.01.20 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TS3Client
[2011.12.29 16:46:37 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\vlc
[2011.02.17 23:55:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\WinRAR
[2009.05.27 13:35:01 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2009.11.23 02:36:34 | 000,038,208 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.05 22:46:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.08.05 22:46:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.08.05 22:46:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.08.09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.08.09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.08.05 22:21:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.08.05 22:21:11 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:18D45654DD6917A9

< End of report >
--- --- ---

cosinus 07.02.2012 18:57
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 16:39:12 | 000,000,061 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{05837e3f-bb4e-11df-9a0e-0018370916ce}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- [2010.11.23 15:04:39 | 001,565,280 | R--- | M] (HanseNet Telekommunikation GmbH)
[2008.08.24 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ICQ Toolbar
@Alternate Data Stream - 24 bytes -> C:\Windows:18D45654DD6917A9
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hattinger 07.02.2012 21:57
ok hab alles gemacht wie beschrieben (OTL Fix)
sind noch weiter schritte nötig oder ist mein system "geheilt?" ;)
hier ist das log :
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05837e3f-bb4e-11df-9a0e-0018370916ce}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05837e3f-bb4e-11df-9a0e-0018370916ce}\ not found.
File H:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\Einstiegsseite.exe scheduled to be moved on reboot.
Folder C:\Users\Lukas\AppData\Roaming\ICQ Toolbar\ not found.
Unable to delete ADS C:\Windows:18D45654DD6917A9 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lukas
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12142998 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 187649551 bytes
RecycleBin emptied: 15279 bytes
 
Total Files Cleaned = 191,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02072012_215132

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Einstiegsseite.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 07.02.2012 22:18
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hattinger 08.02.2012 12:47
Ok hab auch den TDSS Killer durchlaufen lassen der 5 sachen gefunden hat :
Code:
12:44:37.0496 2336        TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
12:44:37.0617 2336        ============================================================
12:44:37.0617 2336        Current date / time: 2012/02/08 12:44:37.0617
12:44:37.0617 2336        SystemInfo:
12:44:37.0617 2336       
12:44:37.0617 2336        OS Version: 6.0.6002 ServicePack: 2.0
12:44:37.0617 2336        Product type: Workstation
12:44:37.0617 2336        ComputerName: LUKAS-PC
12:44:37.0617 2336        UserName: Lukas
12:44:37.0617 2336        Windows directory: C:\Windows
12:44:37.0617 2336        System windows directory: C:\Windows
12:44:37.0617 2336        Processor architecture: Intel x86
12:44:37.0617 2336        Number of processors: 2
12:44:37.0617 2336        Page size: 0x1000
12:44:37.0617 2336        Boot type: Normal boot
12:44:37.0617 2336        ============================================================
12:44:37.0963 2336        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:44:37.0965 2336        \Device\Harddisk0\DR0:
12:44:37.0965 2336        MBR used
12:44:37.0965 2336        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000
12:44:37.0965 2336        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE5000
12:44:38.0049 2336        Initialize success
12:44:38.0049 2336        ============================================================
12:44:57.0095 3008        ============================================================
12:44:57.0096 3008        Scan started
12:44:57.0096 3008        Mode: Manual; SigCheck; TDLFS;
12:44:57.0096 3008        ============================================================
12:44:57.0394 3008        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:44:57.0498 3008        ACPI - ok
12:44:57.0544 3008        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:44:57.0564 3008        adp94xx - ok
12:44:57.0590 3008        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:44:57.0604 3008        adpahci - ok
12:44:57.0641 3008        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:44:57.0650 3008        adpu160m - ok
12:44:57.0679 3008        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:44:57.0688 3008        adpu320 - ok
12:44:57.0846 3008        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:44:57.0917 3008        AFD - ok
12:44:57.0965 3008        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:44:57.0976 3008        agp440 - ok
12:44:58.0002 3008        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:44:58.0012 3008        aic78xx - ok
12:44:58.0035 3008        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:44:58.0044 3008        aliide - ok
12:44:58.0060 3008        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:44:58.0070 3008        amdagp - ok
12:44:58.0169 3008        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:44:58.0179 3008        amdide - ok
12:44:58.0193 3008        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:44:58.0372 3008        AmdK7 - ok
12:44:58.0480 3008        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
12:44:58.0581 3008        AmdK8 - ok
12:44:58.0738 3008        AnyDVD          (6ddda7f2deabf1e80acee14fe85c1d4f) C:\Windows\system32\Drivers\AnyDVD.sys
12:44:58.0768 3008        AnyDVD - ok
12:44:58.0806 3008        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:44:58.0818 3008        arc - ok
12:44:58.0841 3008        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:44:58.0852 3008        arcsas - ok
12:44:58.0892 3008        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:44:58.0940 3008        AsyncMac - ok
12:44:58.0972 3008        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:44:58.0983 3008        atapi - ok
12:44:59.0067 3008        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
12:44:59.0084 3008        avgntflt - ok
12:44:59.0126 3008        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
12:44:59.0139 3008        avipbb - ok
12:44:59.0153 3008        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:44:59.0163 3008        avkmgr - ok
12:44:59.0200 3008        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:44:59.0248 3008        Beep - ok
12:44:59.0314 3008        blbdrive - ok
12:44:59.0390 3008        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:44:59.0457 3008        bowser - ok
12:44:59.0518 3008        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:44:59.0602 3008        BrFiltLo - ok
12:44:59.0674 3008        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:44:59.0740 3008        BrFiltUp - ok
12:44:59.0781 3008        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:44:59.0887 3008        Brserid - ok
12:44:59.0929 3008        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:45:00.0016 3008        BrSerWdm - ok
12:45:00.0048 3008        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:45:00.0115 3008        BrUsbMdm - ok
12:45:00.0193 3008        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:45:00.0263 3008        BrUsbSer - ok
12:45:00.0291 3008        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:45:00.0359 3008        BTHMODEM - ok
12:45:00.0424 3008        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:00.0519 3008        cdfs - ok
12:45:00.0590 3008        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:00.0644 3008        cdrom - ok
12:45:00.0681 3008        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:45:00.0757 3008        circlass - ok
12:45:00.0803 3008        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:45:00.0823 3008        CLFS - ok
12:45:00.0860 3008        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
12:45:00.0871 3008        cmdide - ok
12:45:00.0898 3008        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
12:45:00.0909 3008        Compbatt - ok
12:45:00.0981 3008        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:45:00.0992 3008        crcdisk - ok
12:45:01.0074 3008        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:45:01.0118 3008        Crusoe - ok
12:45:01.0217 3008        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
12:45:01.0272 3008        DfsC - ok
12:45:01.0369 3008        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:45:01.0379 3008        disk - ok
12:45:01.0430 3008        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:45:01.0452 3008        drmkaud - ok
12:45:01.0526 3008        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:01.0551 3008        DXGKrnl - ok
12:45:01.0581 3008        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:45:01.0637 3008        E1G60 - ok
12:45:01.0706 3008        EagleNT - ok
12:45:01.0746 3008        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:45:01.0759 3008        Ecache - ok
12:45:01.0832 3008        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:45:01.0842 3008        ElbyCDIO - ok
12:45:01.0888 3008        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:45:01.0905 3008        elxstor - ok
12:45:02.0032 3008        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:45:02.0093 3008        exfat - ok
12:45:02.0147 3008        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:45:02.0185 3008        fastfat - ok
12:45:02.0209 3008        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:45:02.0258 3008        fdc - ok
12:45:02.0352 3008        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:45:02.0364 3008        FileInfo - ok
12:45:02.0425 3008        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:45:02.0468 3008        Filetrace - ok
12:45:02.0520 3008        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:45:02.0585 3008        flpydisk - ok
12:45:02.0696 3008        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:45:02.0723 3008        FltMgr - ok
12:45:02.0755 3008        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:45:02.0800 3008        Fs_Rec - ok
12:45:02.0841 3008        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:45:02.0853 3008        gagp30kx - ok
12:45:02.0991 3008        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
12:45:03.0027 3008        HdAudAddService - ok
12:45:03.0075 3008        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:45:03.0174 3008        HDAudBus - ok
12:45:03.0285 3008        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:45:03.0418 3008        HidBth - ok
12:45:03.0447 3008        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:45:03.0520 3008        HidIr - ok
12:45:03.0570 3008        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:45:03.0622 3008        HidUsb - ok
12:45:03.0724 3008        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:45:03.0732 3008        HpCISSs - ok
12:45:03.0795 3008        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:45:03.0849 3008        HTTP - ok
12:45:03.0869 3008        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:45:03.0878 3008        i2omp - ok
12:45:03.0921 3008        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:45:03.0949 3008        i8042prt - ok
12:45:04.0053 3008        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:45:04.0067 3008        iaStorV - ok
12:45:04.0099 3008        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:45:04.0109 3008        iirsp - ok
12:45:04.0155 3008        InCDfs          (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
12:45:04.0164 3008        InCDfs - ok
12:45:04.0177 3008        InCDPass        (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
12:45:04.0185 3008        InCDPass - ok
12:45:04.0227 3008        InCDrec        (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
12:45:04.0235 3008        InCDrec - ok
12:45:04.0297 3008        incdrm          (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
12:45:04.0306 3008        incdrm - ok
12:45:04.0348 3008        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
12:45:04.0357 3008        intelide - ok
12:45:04.0376 3008        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
12:45:04.0440 3008        intelppm - ok
12:45:04.0492 3008        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:45:04.0534 3008        IpFilterDriver - ok
12:45:04.0565 3008        IpInIp - ok
12:45:04.0586 3008        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:45:04.0646 3008        IPMIDRV - ok
12:45:04.0734 3008        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:45:04.0782 3008        IPNAT - ok
12:45:04.0828 3008        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:45:04.0869 3008        IRENUM - ok
12:45:04.0920 3008        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
12:45:04.0931 3008        isapnp - ok
12:45:04.0990 3008        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:45:05.0008 3008        iScsiPrt - ok
12:45:05.0085 3008        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:45:05.0106 3008        iteatapi - ok
12:45:05.0130 3008        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:45:05.0152 3008        iteraid - ok
12:45:05.0195 3008        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:45:05.0217 3008        kbdclass - ok
12:45:05.0254 3008        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:45:05.0297 3008        kbdhid - ok
12:45:05.0414 3008        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
12:45:05.0440 3008        KSecDD - ok
12:45:05.0487 3008        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:45:05.0538 3008        lltdio - ok
12:45:05.0608 3008        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:45:05.0620 3008        LSI_FC - ok
12:45:05.0670 3008        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:45:05.0682 3008        LSI_SAS - ok
12:45:05.0720 3008        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:45:05.0732 3008        LSI_SCSI - ok
12:45:05.0817 3008        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:45:05.0873 3008        luafv - ok
12:45:05.0944 3008        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:45:05.0963 3008        megasas - ok
12:45:06.0025 3008        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:45:06.0063 3008        Modem - ok
12:45:06.0164 3008        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:45:06.0213 3008        monitor - ok
12:45:06.0243 3008        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:45:06.0253 3008        mouclass - ok
12:45:06.0290 3008        mouhid          (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
12:45:06.0364 3008        mouhid - ok
12:45:06.0396 3008        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:45:06.0409 3008        MountMgr - ok
12:45:06.0490 3008        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:45:06.0500 3008        mpio - ok
12:45:06.0553 3008        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:45:06.0594 3008        mpsdrv - ok
12:45:06.0662 3008        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:45:06.0673 3008        Mraid35x - ok
12:45:06.0711 3008        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:45:06.0754 3008        MRxDAV - ok
12:45:06.0884 3008        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:45:06.0930 3008        mrxsmb - ok
12:45:06.0968 3008        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:45:06.0986 3008        mrxsmb10 - ok
12:45:07.0005 3008        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:45:07.0042 3008        mrxsmb20 - ok
12:45:07.0087 3008        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
12:45:07.0098 3008        msahci - ok
12:45:07.0144 3008        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:45:07.0166 3008        msdsm - ok
12:45:07.0254 3008        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:45:07.0296 3008        Msfs - ok
12:45:07.0327 3008        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:45:07.0335 3008        msisadrv - ok
12:45:07.0377 3008        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:45:07.0420 3008        MSKSSRV - ok
12:45:07.0446 3008        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:45:07.0487 3008        MSPCLOCK - ok
12:45:07.0530 3008        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:45:07.0554 3008        MSPQM - ok
12:45:07.0595 3008        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:45:07.0608 3008        MsRPC - ok
12:45:07.0678 3008        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:45:07.0687 3008        mssmbios - ok
12:45:07.0731 3008        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:45:07.0767 3008        MSTEE - ok
12:45:07.0775 3008        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:45:07.0785 3008        Mup - ok
12:45:07.0843 3008        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:45:07.0869 3008        NativeWifiP - ok
12:45:07.0912 3008        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:45:07.0962 3008        NDIS - ok
12:45:08.0051 3008        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:45:08.0079 3008        NdisTapi - ok
12:45:08.0123 3008        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:45:08.0151 3008        Ndisuio - ok
12:45:08.0200 3008        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:45:08.0223 3008        NdisWan - ok
12:45:08.0254 3008        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:45:08.0281 3008        NDProxy - ok
12:45:08.0354 3008        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:45:08.0381 3008        NetBIOS - ok
12:45:08.0409 3008        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:45:08.0456 3008        netbt - ok
12:45:08.0532 3008        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:45:08.0544 3008        nfrd960 - ok
12:45:08.0576 3008        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:45:08.0601 3008        Npfs - ok
12:45:08.0701 3008        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:45:08.0740 3008        nsiproxy - ok
12:45:08.0818 3008        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:45:08.0870 3008        Ntfs - ok
12:45:08.0972 3008        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:45:09.0042 3008        ntrigdigi - ok
12:45:09.0065 3008        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:45:09.0099 3008        Null - ok
12:45:09.0363 3008        nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:45:09.0753 3008        nvlddmkm - ok
12:45:09.0857 3008        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:45:09.0865 3008        nvraid - ok
12:45:09.0902 3008        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
12:45:09.0929 3008        nvstor - ok
12:45:09.0980 3008        nvstor32        (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
12:45:09.0987 3008        nvstor32 - ok
12:45:10.0040 3008        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
12:45:10.0050 3008        nv_agp - ok
12:45:10.0129 3008        NwlnkFlt - ok
12:45:10.0143 3008        NwlnkFwd - ok
12:45:10.0171 3008        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
12:45:10.0228 3008        ohci1394 - ok
12:45:10.0277 3008        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
12:45:10.0306 3008        Parport - ok
12:45:10.0331 3008        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:45:10.0343 3008        partmgr - ok
12:45:10.0414 3008        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
12:45:10.0445 3008        Parvdm - ok
12:45:10.0470 3008        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:45:10.0485 3008        pci - ok
12:45:10.0498 3008        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
12:45:10.0508 3008        pciide - ok
12:45:10.0547 3008        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:45:10.0560 3008        pcmcia - ok
12:45:10.0601 3008        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:45:10.0721 3008        PEAUTH - ok
12:45:10.0865 3008        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:45:10.0913 3008        PptpMiniport - ok
12:45:10.0962 3008        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:45:11.0038 3008        Processor - ok
12:45:11.0106 3008        prodrv06        (18d9789a4664bf417eea944d2776091a) C:\Windows\System32\drivers\prodrv06.sys
12:45:11.0121 3008        prodrv06 ( UnsignedFile.Multi.Generic ) - warning
12:45:11.0122 3008        prodrv06 - detected UnsignedFile.Multi.Generic (1)
12:45:11.0231 3008        prohlp02        (8cc9671a7ed2902e747ee0892e1c8575) C:\Windows\system32\drivers\prohlp02.sys
12:45:11.0238 3008        prohlp02 ( UnsignedFile.Multi.Generic ) - warning
12:45:11.0238 3008        prohlp02 - detected UnsignedFile.Multi.Generic (1)
12:45:11.0264 3008        prosync1        (960bce3ed38761b446aabac06c76badf) C:\Windows\system32\drivers\prosync1.sys
12:45:11.0287 3008        prosync1 ( UnsignedFile.Multi.Generic ) - warning
12:45:11.0287 3008        prosync1 - detected UnsignedFile.Multi.Generic (1)
12:45:11.0328 3008        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:45:11.0362 3008        PSched - ok
12:45:11.0483 3008        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:45:11.0566 3008        ql2300 - ok
12:45:11.0592 3008        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:45:11.0616 3008        ql40xx - ok
12:45:11.0666 3008        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:45:11.0720 3008        QWAVEdrv - ok
12:45:11.0810 3008        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:45:11.0831 3008        RasAcd - ok
12:45:11.0857 3008        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:45:11.0883 3008        Rasl2tp - ok
12:45:11.0911 3008        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:45:11.0932 3008        RasPppoe - ok
12:45:12.0028 3008        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:45:12.0063 3008        RasSstp - ok
12:45:12.0103 3008        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:45:12.0144 3008        rdbss - ok
12:45:12.0182 3008        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:45:12.0206 3008        RDPCDD - ok
12:45:12.0312 3008        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
12:45:12.0376 3008        rdpdr - ok
12:45:12.0385 3008        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:45:12.0410 3008        RDPENCDD - ok
12:45:12.0459 3008        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
12:45:12.0489 3008        RDPWD - ok
12:45:12.0604 3008        ROOTMODEM      (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
12:45:12.0640 3008        ROOTMODEM - ok
12:45:12.0713 3008        RRNetCap        (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
12:45:12.0722 3008        RRNetCap - ok
12:45:12.0733 3008        RRNetCapMP      (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
12:45:12.0742 3008        RRNetCapMP - ok
12:45:12.0772 3008        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:45:12.0801 3008        rspndr - ok
12:45:12.0881 3008        RTL8023xp      (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
12:45:12.0958 3008        RTL8023xp - ok
12:45:13.0004 3008        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:45:13.0017 3008        sbp2port - ok
12:45:13.0083 3008        SCR3XX2K        (624795df1993b955b0c0a03a4612f2ec) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
12:45:13.0113 3008        SCR3XX2K - ok
12:45:13.0129 3008        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:45:13.0190 3008        secdrv - ok
12:45:13.0282 3008        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
12:45:13.0319 3008        Serenum - ok
12:45:13.0365 3008        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
12:45:13.0422 3008        Serial - ok
12:45:13.0472 3008        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:45:13.0502 3008        sermouse - ok
12:45:13.0639 3008        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
12:45:13.0705 3008        sffdisk - ok
12:45:13.0732 3008        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
12:45:13.0785 3008        sffp_mmc - ok
12:45:13.0802 3008        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
12:45:13.0865 3008        sffp_sd - ok
12:45:13.0905 3008        sfhlp01        (462aee0ea0481ea8bd45cac876a4ccc4) C:\Windows\system32\drivers\sfhlp01.sys
12:45:13.0920 3008        sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
12:45:13.0920 3008        sfhlp01 - detected UnsignedFile.Multi.Generic (1)
12:45:14.0017 3008        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:45:14.0072 3008        sfloppy - ok
12:45:14.0131 3008        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
12:45:14.0142 3008        sisagp - ok
12:45:14.0163 3008        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:45:14.0172 3008        SiSRaid2 - ok
12:45:14.0189 3008        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:45:14.0199 3008        SiSRaid4 - ok
12:45:14.0331 3008        skfiltv        (a48b5af8e18e4765acdec5bbb8343f84) C:\Windows\system32\drivers\skfiltv.sys
12:45:14.0361 3008        skfiltv - ok
12:45:14.0410 3008        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:45:14.0431 3008        Smb - ok
12:45:14.0464 3008        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:45:14.0474 3008        spldr - ok
12:45:14.0577 3008        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:45:14.0617 3008        srv - ok
12:45:14.0677 3008        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:45:14.0709 3008        srv2 - ok
12:45:14.0740 3008        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:45:14.0763 3008        srvnet - ok
12:45:14.0833 3008        SSHDRV85        (f0be373861a3f34cfab55c1b7ce1feb5) C:\Windows\system32\drivers\SSHDRV85.sys
12:45:14.0839 3008        SSHDRV85 ( UnsignedFile.Multi.Generic ) - warning
12:45:14.0839 3008        SSHDRV85 - detected UnsignedFile.Multi.Generic (1)
12:45:14.0912 3008        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:45:14.0931 3008        ssmdrv - ok
12:45:15.0031 3008        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:45:15.0042 3008        swenum - ok
12:45:15.0102 3008        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:45:15.0113 3008        Symc8xx - ok
12:45:15.0137 3008        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:45:15.0147 3008        Sym_hi - ok
12:45:15.0173 3008        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:45:15.0184 3008        Sym_u3 - ok
12:45:15.0254 3008        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:45:15.0330 3008        Tcpip - ok
12:45:15.0441 3008        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:45:15.0525 3008        Tcpip6 - ok
12:45:15.0608 3008        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:45:15.0638 3008        tcpipreg - ok
12:45:15.0679 3008        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:45:15.0734 3008        TDPIPE - ok
12:45:15.0765 3008        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:45:15.0801 3008        TDTCP - ok
12:45:15.0876 3008        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:45:15.0910 3008        tdx - ok
12:45:15.0949 3008        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:45:15.0962 3008        TermDD - ok
12:45:16.0014 3008        tosporte        (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
12:45:16.0055 3008        tosporte - ok
12:45:16.0159 3008        tosrfbd        (a594dbd80ca5426e2e558bf79195a110) C:\Windows\system32\DRIVERS\tosrfbd.sys
12:45:16.0220 3008        tosrfbd - ok
12:45:16.0272 3008        tosrfbnp        (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
12:45:16.0318 3008        tosrfbnp - ok
12:45:16.0374 3008        Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
12:45:16.0425 3008        Tosrfcom - ok
12:45:16.0517 3008        Tosrfhid        (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys
12:45:16.0551 3008        Tosrfhid - ok
12:45:16.0607 3008        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
12:45:16.0640 3008        tosrfnds - ok
12:45:16.0683 3008        TosRfSnd        (7c0999169ef696f10761bf8275027330) C:\Windows\system32\drivers\tosrfsnd.sys
12:45:16.0727 3008        TosRfSnd - ok
12:45:16.0816 3008        Tosrfusb        (20cc46c5d3326122e1a0a8c9dad00e0d) C:\Windows\system32\DRIVERS\tosrfusb.sys
12:45:16.0840 3008        Tosrfusb - ok
12:45:16.0906 3008        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:16.0941 3008        tssecsrv - ok
12:45:16.0992 3008        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:45:17.0035 3008        tunmp - ok
12:45:17.0109 3008        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:45:17.0124 3008        tunnel - ok
12:45:17.0154 3008        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:45:17.0166 3008        uagp35 - ok
12:45:17.0231 3008        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:45:17.0258 3008        udfs - ok
12:45:17.0301 3008        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:45:17.0313 3008        uliagpkx - ok
12:45:17.0337 3008        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:45:17.0353 3008        uliahci - ok
12:45:17.0383 3008        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:45:17.0397 3008        UlSata - ok
12:45:17.0499 3008        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:45:17.0522 3008        ulsata2 - ok
12:45:17.0576 3008        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:45:17.0613 3008        umbus - ok
12:45:17.0657 3008        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
12:45:17.0694 3008        usbaudio - ok
12:45:17.0764 3008        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:17.0804 3008        usbccgp - ok
12:45:17.0859 3008        USBCCID        (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
12:45:17.0899 3008        USBCCID - ok
12:45:17.0935 3008        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:45:18.0007 3008        usbcir - ok
12:45:18.0095 3008        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:45:18.0128 3008        usbehci - ok
12:45:18.0174 3008        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:45:18.0201 3008        usbhub - ok
12:45:18.0214 3008        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
12:45:18.0250 3008        usbohci - ok
12:45:18.0338 3008        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:45:18.0369 3008        usbprint - ok
12:45:18.0398 3008        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:18.0462 3008        USBSTOR - ok
12:45:18.0506 3008        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
12:45:18.0561 3008        usbuhci - ok
12:45:18.0589 3008        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:18.0662 3008        vga - ok
12:45:18.0741 3008        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:45:18.0772 3008        VgaSave - ok
12:45:18.0802 3008        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
12:45:18.0814 3008        viaagp - ok
12:45:18.0836 3008        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:45:18.0901 3008        ViaC7 - ok
12:45:18.0957 3008        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
12:45:18.0968 3008        viaide - ok
12:45:19.0010 3008        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:45:19.0023 3008        volmgr - ok
12:45:19.0106 3008        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:45:19.0123 3008        volmgrx - ok
12:45:19.0160 3008        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:45:19.0177 3008        volsnap - ok
12:45:19.0225 3008        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:45:19.0239 3008        vsmraid - ok
12:45:19.0362 3008        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:45:19.0473 3008        WacomPen - ok
12:45:19.0511 3008        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:19.0553 3008        Wanarp - ok
12:45:19.0559 3008        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:19.0587 3008        Wanarpv6 - ok
12:45:19.0658 3008        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:45:19.0668 3008        Wd - ok
12:45:19.0720 3008        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:45:19.0780 3008        Wdf01000 - ok
12:45:19.0979 3008        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
12:45:20.0052 3008        WmiAcpi - ok
12:45:20.0122 3008        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:20.0165 3008        ws2ifsl - ok
12:45:20.0220 3008        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:20.0264 3008        WUDFRd - ok
12:45:20.0307 3008        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:45:20.0419 3008        \Device\Harddisk0\DR0 - ok
12:45:20.0459 3008        Boot (0x1200)  (bb0bc1eabc9dbccfbe227c33a9ad1b88) \Device\Harddisk0\DR0\Partition0
12:45:20.0460 3008        \Device\Harddisk0\DR0\Partition0 - ok
12:45:20.0471 3008        Boot (0x1200)  (ab7af765bdc39e23858dc6cbe8fa1838) \Device\Harddisk0\DR0\Partition1
12:45:20.0472 3008        \Device\Harddisk0\DR0\Partition1 - ok
12:45:20.0478 3008        ============================================================
12:45:20.0478 3008        Scan finished
12:45:20.0478 3008        ============================================================
12:45:20.0504 3568        Detected object count: 5
12:45:20.0505 3568        Actual detected object count: 5
12:45:45.0071 3568        prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
12:45:45.0071 3568        prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:45:45.0077 3568        prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
12:45:45.0077 3568        prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:45:45.0083 3568        prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
12:45:45.0083 3568        prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:45:45.0088 3568        sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:45:45.0088 3568        sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:45:45.0093 3568        SSHDRV85 ( UnsignedFile.Multi.Generic ) - skipped by user
12:45:45.0093 3568        SSHDRV85 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 08.02.2012 12:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hattinger 08.02.2012 16:20
okay hier ist die Combofix log :
Code:
ComboFix 12-02-08.01 - Lukas 08.02.2012  16:04:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.2372 [GMT 1:00]
ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lukas\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-08 bis 2012-02-08  ))))))))))))))))))))))))))))))
.
.
2012-02-07 20:44 . 2012-02-07 20:44        --------        d-----w-        C:\_OTL
2012-02-07 14:28 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{02830396-828C-4B01-81C4-4A6FEE264298}\mpengine.dll
2012-02-06 18:27 . 2012-02-06 18:27        --------        d-----w-        c:\program files\ESET
2012-02-06 17:05 . 2012-02-06 17:05        --------        d-----w-        c:\users\Lukas\AppData\Roaming\Malwarebytes
2012-02-06 17:05 . 2012-02-06 17:05        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-06 17:05 . 2012-02-06 17:05        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-06 17:05 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-01 19:13 . 2012-02-01 19:15        --------        d-----w-        c:\users\Lukas\AppData\Local\jZip
2012-02-01 19:13 . 2012-02-01 19:13        --------        d-----w-        c:\program files\jZip
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-05 20:43        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-26 11:50 . 2011-05-26 16:06        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 17:59 . 2011-12-02 17:50        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-23 13:37 . 2012-01-07 17:14        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-10 19:18 . 2011-11-10 19:18        2829        ----a-w-        c:\windows\War3Unin.pif
2011-11-10 19:18 . 2011-11-10 19:18        126976        ----a-w-        c:\windows\War3Unin.exe
2012-02-04 12:11 . 2011-04-30 23:56        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-08-08 2937528]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVE.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"VolPanel"="c:\program files\USB Headsets\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-08-05 249856]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Lukas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38        34672        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45247663
*Deregistered* - 45247663
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02        114688        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 17:24]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 08:37]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 08:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\fwgaeijc.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-NCsoft Launcher - c:\program files\ncsoft\launcher\NCLauncher.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-08 16:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2855818782-257505807-4062626904-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
Zeit der Fertigstellung: 2012-02-08  16:13:06
ComboFix-quarantined-files.txt  2012-02-08 15:12
.
Vor Suchlauf: 10 Verzeichnis(se), 177.080.352.768 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 177.351.163.904 Bytes frei
.
- - End Of File - - EB89938DC2DF76A25C1E685E1E5AD10A

cosinus 08.02.2012 16:25
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131