Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Thread: Unknown virus, blocks Antivir, MBAM, OTL etc. (https://www.trojaner-board.de/106537-unbekannter-virus-blockiert-antivir-mbam-otl-etc.html)

Chris4You 20.12.2011 10:37

Hi,

oh dear... Then hold the power button down for longer...

chris

Larina 20.12.2011 10:46

Hi,

done, restarted, reinstalled MAM; it crashed on the first scan attempt (after 5 sec) and then gave the known error message...

Larina

Chris4You 20.12.2011 11:05

Hi,

as a last step before reinstalling the system, let's do the following:
Check the hard disk for errors

Question: It can't be a hardware fault (fan not running, ventilation slots blocked, etc.)?

chris

Larina 20.12.2011 11:08

Hi,

I don't think it's a hardware fault... the notebook is rarely moved and, as far as I can tell, the fan is running quite normally.
So I'll go and check the disk for errors.

Larina

Larina 20.12.2011 13:53

Hi,

the hard disk has 2 partitions:
Data ( E: ) - all OK
Vista ( C: ) - a message appears briefly which, as far as I could read it (it was gone again very quickly...), says: 'Volume kann für direkten Zugriff nicht geöffnet werden.' ['Cannot open volume for direct access.']

Larina

Chris4You 20.12.2011 16:03

Hi,

even if exclusive access isn't possible, it should report that and offer to run a check at the next boot… That points to a manipulated boot block…

Do you have a Vista CD from which you can boot into the recovery console?

There are a few other options (removing the HD and connecting it to another computer as a slave), but I think that would get too complicated…

chris

Larina 20.12.2011 16:13

Hi,

it only runs the check at boot anyway, not while the system is running...
Unfortunately I don't have a Vista CD; Windows came preinstalled.
Removing the hardware really is too complicated for me, especially since I don't have any tools (screwdriver or the like) at hand at the moment.

Larina

Chris4You 20.12.2011 17:53

Hi,

but it doesn't actually check, does it...?
Somehow we're not getting anywhere like this..
What puzzles me is that MAM starts up first and then crashes; that is "untypical" for malware, either the start is blocked completely...

If there is no Vista CD, then sfc /scannow is out as well (that would try to repair the system...

Last attempt...
Download the matching version of Hitman Pro (Downloads - SurfRight), select the cloud-based scanner... and let it run...

chris

Larina 20.12.2011 19:23

Hi,

it only allows it on the first start after installation; after that it always prevents it...
Hitman has run and found the following and (at least supposedly) fixed it:
Code:

C:\Windows\DRIVERS\cdrom.sys -> Rootkit (G Data: Gen:Variant.TDss.15 (Engine-A); DrWeb: Trojan.NtRootKit.12040; IKARUS : Rootkit.Win32.ZAccess!IK)
C:\Windows\system32\TODDSrv.exe -> Trojan (G Data: Trojan.Generic.KDV.268357 (Engine-A); DrWeb: Trojan.Starter.1695; IKARUS : Trojan-Spy.Win32.Zbot!IK)
Plus quite a few tracking cookies

The detailed log file is attached.
The computer has been restarted and CHKDSK is running at the moment (at 20%).

Larina

Larina 20.12.2011 20:03

Hi,

Disk check result: No errors.
I have now reinstalled MAM and it is running (luckily).
I selected Quick Scan for now. Here is the corresponding log file:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.12.2011 20:01:05
mbam-log-2011-12-20 (20-01-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160736
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fb0c32de (Backdoor.0Access) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\3727822075:83086625.exe (Backdoor.0Access) -> Quarantined and deleted successfully.

Larina

Edit: I'm now going to run a full scan as well.

Larina 20.12.2011 21:04

Hi,

here is the log file of the full scan:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20.12.2011 21:00:00
mbam-log-2011-12-20 (21-00-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 352269
Laufzeit: 54 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gisela\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\QTFCR0MO\2[1].#xe (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.

What would be the best thing for me to do now?

Larina

Chris4You 20.12.2011 21:07

Hi,

yahoooooo!
We've finally got the swine...
After the full scan, also an OTL log and
TDSS-Killer
Download and instructions at: "Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?" (How is malware of the Rootkit.Win32.TDSS family combated?)
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; there, choose "Start Scan".
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

I'm suspicious now, so in addition:
MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.

chris
PS: OTL partly managed it; the rootkit drivers were the actual problem...
c:\_OTL\movedfiles\12202011_095314\C_Users\Gisela\AppData\Local\fb0c32de\X.# (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\12202011_095314\c_windows\System32\c_16283.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.

Larina 20.12.2011 22:13

Hi,

here are the results:
Otl.txt
OTL Logfile:
Code:

OTL logfile created on: 20.12.2011 21:56:23 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,12% Memory free
3,98 Gb Paging File | 3,20 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 36,30 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,05 Gb Free Space | 92,95% Space Free | Partition Type: NTFS
Drive G: | 245,73 Mb Total Space | 243,60 Mb Free Space | 99,14% Space Free | Partition Type: FAT
 
Computer Name: GISELA-PC | User Name: Gisela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.20 21:55:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.08 10:57:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008.05.09 10:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.04.16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.03.06 09:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (VMCService)
SRV - File not found [Auto | Stopped] --  -- (TNaviSrv)
SRV - File not found [Auto | Stopped] --  -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] --  -- (ConfigFree Service)
SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.04.16 14:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 08:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 08:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.08 23:29:17 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.02 14:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008.07.18 17:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.05.19 19:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.28 15:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 21:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http:gmx.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.02 19:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 11:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.31 20:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009.06.05 13:41:37 | 000,000,000 | ---D | M]
 
[2010.10.06 09:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Extensions
[2010.10.06 09:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.14 23:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions
[2010.08.20 18:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 20:23:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.21 19:51:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.01.08 20:18:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gisela\AppData\Roaming\mozilla\Firefox\Profiles\cxtagmqf.default\extensions\searchrecs@veoh.com
[2011.12.16 19:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-1.xml
[2010.09.18 15:28:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-10.xml
[2010.10.25 13:25:07 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-11.xml
[2010.11.03 11:45:10 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-12.xml
[2010.12.11 17:12:37 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-13.xml
[2011.03.28 09:35:32 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-14.xml
[2011.04.24 11:42:27 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-15.xml
[2010.01.11 21:37:52 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-2.xml
[2010.02.20 09:26:43 | 000,000,954 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-3.xml
[2010.03.15 20:28:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-4.xml
[2010.03.24 21:12:49 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-5.xml
[2010.04.03 20:41:47 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-6.xml
[2010.07.01 09:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-7.xml
[2010.07.26 22:47:08 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-8.xml
[2010.09.09 20:30:39 | 000,000,943 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin-9.xml
[2009.12.16 21:52:45 | 000,000,944 | ---- | M] () -- C:\Users\Gisela\AppData\Roaming\Mozilla\Firefox\Profiles\cxtagmqf.default\searchplugins\icqplugin.xml
[2011.12.17 10:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.10 19:46:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.17 10:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\GISELA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CXTAGMQF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.02 19:50:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.02 19:50:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.02 19:50:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.02 19:50:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.02 19:50:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.02 19:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.02 19:50:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Gisela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F49342F-B661-4B69-AED5-38E0260223EB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gisela\Desktop\Bilder\Jagd Schleifer 2011\wieder angekommen 2.JPG
O24 - Desktop BackupWallPaper: C:\Users\Gisela\Desktop\Bilder\Jagd Schleifer 2011\wieder angekommen 2.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{001a1a62-8b4b-11de-a467-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e061b24-8e80-11de-9ff2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf454e6-8c22-11de-a058-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell - "" = AutoRun
O33 - MountPoints2\{5cbd67fb-ccb6-11de-bba6-85b1694fd61f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell - "" = AutoRun
O33 - MountPoints2\{787d7a76-8b49-11de-a3d8-001e339f7ce2}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011.12.20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.12.20 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.20 15:53:16 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.12.20 15:53:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.17 10:41:11 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\QuickScan
[2011.12.17 10:20:09 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Malwarebytes
[2011.12.17 10:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.17 10:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.17 10:20:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.17 10:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.17 10:06:46 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Avira
[2011.12.17 10:06:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.17 10:06:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.17 10:06:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.17 08:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.16 19:47:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.16 19:47:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.16 19:47:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.16 19:47:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.16 19:47:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.16 19:46:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.15 12:07:00 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.15 12:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.15 12:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.15 12:06:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 12:06:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.15 12:06:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.09 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4
[2011.12.04 21:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.12.02 20:36:47 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.12.02 20:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.12.02 20:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\drivers\
File not found -- C:\Windows\System32\
[2011.12.20 21:58:27 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.20 21:58:27 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.20 21:58:27 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.20 21:58:27 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.20 21:31:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.20 21:02:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:02:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.20 21:02:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.20 21:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.20 21:02:04 | 2009,075,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.20 19:49:40 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 19:00:55 | 000,000,598 | ---- | M] () -- C:\Windows\System32\.crusader
[2011.12.20 13:50:24 | 000,000,000 | ---- | M] () -- C:\Windows\3727822075
[2011.12.19 10:40:33 | 000,000,020 | ---- | M] () -- C:\Users\Gisela\defogger_reenable
[2011.12.19 10:37:58 | 000,302,592 | ---- | M] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011.12.19 10:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011.12.19 10:36:38 | 000,584,192 | ---- | M] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011.12.19 10:36:20 | 000,050,477 | ---- | M] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011.12.18 21:32:53 | 000,020,992 | ---- | M] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.18 15:53:26 | 000,001,356 | ---- | M] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2011.12.18 15:01:17 | 195,131,308 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.17 11:57:16 | 000,388,608 | ---- | M] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011.12.17 09:20:07 | 307,472,120 | ---- | M] () -- C:\Users\Gisela\Documents\17122011.reg
[2011.12.16 23:28:11 | 000,366,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.12 09:18:11 | 000,013,033 | ---- | M] () -- C:\Users\Gisela\Documents\Kopischke.odt
[2011.12.11 20:42:31 | 000,004,944 | ---- | M] () -- C:\Users\Gisela\untitled4_MAS.bak
[2011.12.11 20:41:25 | 000,005,112 | ---- | M] () -- C:\Users\Gisela\untitled3_MAS.bak
[2011.12.11 20:40:57 | 000,004,296 | ---- | M] () -- C:\Users\Gisela\untitled2_MAS.bak
[2011.12.11 20:09:47 | 000,002,400 | ---- | M] () -- C:\Users\Gisela\untitled1_MAS.bak
[2011.12.09 19:23:51 | 000,001,891 | ---- | M] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011.12.04 21:18:42 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.12.02 20:36:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.26 23:31:01 | 000,041,395 | ---- | M] () -- C:\Users\Gisela\Documents\Wendy Gutachter.odt
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.20 19:00:55 | 000,000,598 | ---- | C] () -- C:\Windows\System32\.crusader
[2011.12.20 18:35:25 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 10:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\3727822075
[2011.12.20 08:01:43 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL (2).exe
[2011.12.20 07:56:26 | 2009,075,712 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.19 10:49:45 | 000,302,592 | ---- | C] () -- C:\Users\Gisela\Desktop\4oxrfg5s.exe
[2011.12.19 10:43:12 | 000,584,192 | ---- | C] () -- C:\Users\Gisela\Desktop\OTL.exe
[2011.12.19 10:39:53 | 000,000,020 | ---- | C] () -- C:\Users\Gisela\defogger_reenable
[2011.12.19 10:39:15 | 000,050,477 | ---- | C] () -- C:\Users\Gisela\Desktop\Defogger.exe
[2011.12.18 14:52:14 | 000,388,608 | ---- | C] () -- C:\Users\Gisela\Desktop\HiJackThis204.exe
[2011.12.17 09:19:38 | 307,472,120 | ---- | C] () -- C:\Users\Gisela\Documents\17122011.reg
[2011.12.16 23:25:14 | 195,131,308 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.11 20:09:47 | 000,002,400 | ---- | C] () -- C:\Users\Gisela\untitled1_MAS.bak
[2011.12.09 19:23:51 | 000,001,891 | ---- | C] () -- C:\Users\Gisela\Desktop\GeoGebra 4.lnk
[2011.12.02 20:36:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.09.02 19:07:58 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.09.02 19:07:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.09.02 19:07:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.09.02 19:07:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.09.02 19:07:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.09.02 19:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.09.02 19:02:41 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.14 22:17:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.01.14 22:17:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.01.14 22:17:27 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009.10.30 22:15:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.11 20:20:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 20:20:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 20:19:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.28 16:28:14 | 000,001,356 | ---- | C] () -- C:\Users\Gisela\AppData\Local\d3d9caps.dat
[2009.06.11 10:46:44 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.06.11 10:46:43 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009.06.11 10:46:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009.05.06 18:03:37 | 000,020,992 | ---- | C] () -- C:\Users\Gisela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 12:00:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009.03.30 11:17:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.03.30 11:17:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.03.30 11:17:26 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.03.30 11:17:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.13 12:59:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.13 12:59:34 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.13 12:59:34 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.13 12:59:34 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.13 12:59:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.13 12:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.13 12:36:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.13 12:36:30 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008.08.13 12:36:29 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.08.13 12:36:27 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008.08.13 11:51:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.04.22 00:46:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.01.21 09:21:25 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:21:25 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:44:53 | 000,366,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---

Extra.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 20.12.2011 21:56:23 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = G:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 58,12% Memory free
3,98 Gb Paging File | 3,20 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 36,30 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 68,05 Gb Free Space | 92,95% Space Free | Partition Type: NTFS
Drive G: | 245,73 Mb Total Space | 243,60 Mb Free Space | 99,14% Space Free | Partition Type: FAT
 
Computer Name: GISELA-PC | User Name: Gisela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4409C460-59B0-4EB6-BB54-CF5BEFA1E672}" = dir=in | app=c:\desktop\powerdirector\pdr.exe |
"{45264540-5051-4691-A91C-359DFBF42523}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6EFA4046-2605-4D7B-8276-4617424AF9EE}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{220C7263-851E-4D91-8AEB-0E35FB464748}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9B52B132-DBFF-450C-A977-A555F9F478AB}C:\program files\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"TCP Query User{AB98DD90-54B5-401F-9232-2560D0FAB638}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BDE0859D-929E-42C9-B512-A59E607355B3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{DCF6F3AB-9FEE-474B-AEF0-6214AAF6BA44}C:\program files\maxima-5.19.2\bin\xmaxima.exe" = protocol=6 | dir=in | app=c:\program files\maxima-5.19.2\bin\xmaxima.exe |
"UDP Query User{400DAD42-7B03-488F-A81C-C42C386E7841}C:\program files\maxima-5.19.2\bin\xmaxima.exe" = protocol=17 | dir=in | app=c:\program files\maxima-5.19.2\bin\xmaxima.exe |
"UDP Query User{63107EAC-D450-4E8E-85F5-03DE4934BFE3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{76AD0DBA-76DD-42B2-9255-3E6DCF9C4693}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{92512D89-335B-4F9A-A795-755C544D9294}C:\program files\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"UDP Query User{F24AE3C5-C421-4C51-9FF5-0C7625CD3FD4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{5782EFD2-603D-4AFA-87EF-7CB54044839C}" = Winfunktion Mathematik plus 17
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A80AC620-12FA-11D5-B287-0050DA4BBA2C}" = Riding Star
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.1f
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Maple 12" = Maple 12
"Maxima-5.19.2_is1" = Maxima 5.19.2
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"myphotobook" = myphotobook 3.6
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2011 07:20:15 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05.07.2011 14:40:59 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 05.07.2011 14:42:12 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.07.2011 05:17:53 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.07.2011 05:19:08 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.07.2011 14:59:52 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.07.2011 15:01:10 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2011 05:19:47 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.07.2011 05:21:02 | Computer Name = Gisela-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2011 15:42:12 | Computer Name = Gisela-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 20.12.2011 15:04:27 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 15:04:27 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7023
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2011 16:03:50 | Computer Name = Gisela-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Larina 20.12.2011 22:13

TDSSKiller
Code:

22:03:14.0536 1068        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:03:14.0552 1068        ============================================================
22:03:14.0552 1068        Current date / time: 2011/12/20 22:03:14.0552
22:03:14.0552 1068        SystemInfo:
22:03:14.0552 1068       
22:03:14.0552 1068        OS Version: 6.0.6002 ServicePack: 2.0
22:03:14.0552 1068        Product type: Workstation
22:03:14.0552 1068        ComputerName: GISELA-PC
22:03:14.0552 1068        UserName: Gisela
22:03:14.0552 1068        Windows directory: C:\Windows
22:03:14.0552 1068        System windows directory: C:\Windows
22:03:14.0552 1068        Processor architecture: Intel x86
22:03:14.0552 1068        Number of processors: 1
22:03:14.0552 1068        Page size: 0x1000
22:03:14.0552 1068        Boot type: Normal boot
22:03:14.0552 1068        ============================================================
22:03:15.0145 1068        Initialize success
22:03:31.0369 3924        ============================================================
22:03:31.0369 3924        Scan started
22:03:31.0369 3924        Mode: Manual; SigCheck; TDLFS;
22:03:31.0369 3924        ============================================================
22:03:32.0055 3924        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:03:32.0149 3924        ACPI - ok
22:03:32.0305 3924        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:03:32.0336 3924        adp94xx - ok
22:03:32.0445 3924        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:03:32.0461 3924        adpahci - ok
22:03:32.0695 3924        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:03:32.0710 3924        adpu160m - ok
22:03:32.0851 3924        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:03:32.0866 3924        adpu320 - ok
22:03:33.0100 3924        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:03:33.0178 3924        AFD - ok
22:03:33.0475 3924        AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
22:03:33.0709 3924        AgereSoftModem - ok
22:03:34.0161 3924        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:03:34.0161 3924        agp440 - ok
22:03:34.0426 3924        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:03:34.0426 3924        aic78xx - ok
22:03:34.0847 3924        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:03:34.0847 3924        aliide - ok
22:03:34.0957 3924        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:03:34.0972 3924        amdagp - ok
22:03:35.0050 3924        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:03:35.0066 3924        amdide - ok
22:03:35.0128 3924        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:03:35.0237 3924        AmdK7 - ok
22:03:35.0362 3924        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:03:35.0409 3924        AmdK8 - ok
22:03:35.0487 3924        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:03:35.0487 3924        arc - ok
22:03:35.0596 3924        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:03:35.0612 3924        arcsas - ok
22:03:35.0674 3924        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:03:35.0721 3924        AsyncMac - ok
22:03:35.0783 3924        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:03:35.0799 3924        atapi - ok
22:03:35.0924 3924        athr            (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
22:03:36.0002 3924        athr - ok
22:03:36.0111 3924        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:03:36.0111 3924        avgio - ok
22:03:36.0220 3924        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:03:36.0267 3924        avgntflt - ok
22:03:36.0329 3924        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:03:36.0345 3924        avipbb - ok
22:03:36.0439 3924        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:03:36.0470 3924        Beep - ok
22:03:36.0579 3924        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:03:36.0626 3924        blbdrive - ok
22:03:36.0704 3924        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:03:36.0751 3924        bowser - ok
22:03:36.0829 3924        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:03:36.0907 3924        BrFiltLo - ok
22:03:37.0000 3924        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:03:37.0047 3924        BrFiltUp - ok
22:03:37.0094 3924        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:03:37.0156 3924        Brserid - ok
22:03:37.0219 3924        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:03:37.0281 3924        BrSerWdm - ok
22:03:37.0375 3924        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:03:37.0437 3924        BrUsbMdm - ok
22:03:37.0484 3924        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:03:37.0546 3924        BrUsbSer - ok
22:03:37.0609 3924        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:03:37.0655 3924        BTHMODEM - ok
22:03:37.0733 3924        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:03:37.0796 3924        cdfs - ok
22:03:37.0889 3924        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
22:03:37.0905 3924        cdrom - ok
22:03:37.0967 3924        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:03:37.0999 3924        circlass - ok
22:03:38.0123 3924        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:03:38.0139 3924        CLFS - ok
22:03:38.0217 3924        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:03:38.0264 3924        CmBatt - ok
22:03:38.0326 3924        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:03:38.0326 3924        cmdide - ok
22:03:38.0404 3924        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:03:38.0420 3924        Compbatt - ok
22:03:38.0513 3924        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:03:38.0529 3924        crcdisk - ok
22:03:38.0591 3924        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:03:38.0623 3924        Crusoe - ok
22:03:38.0794 3924        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:03:38.0810 3924        disk - ok
22:03:38.0903 3924        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:03:38.0950 3924        drmkaud - ok
22:03:39.0044 3924        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:03:39.0059 3924        DXGKrnl - ok
22:03:39.0153 3924        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:03:39.0200 3924        E1G60 - ok
22:03:39.0309 3924        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:03:39.0325 3924        Ecache - ok
22:03:39.0403 3924        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:03:39.0418 3924        ElbyCDIO - ok
22:03:39.0481 3924        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:03:39.0496 3924        elxstor - ok
22:03:39.0559 3924        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:03:39.0605 3924        ErrDev - ok
22:03:39.0715 3924        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:03:39.0761 3924        exfat - ok
22:03:39.0839 3924        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:03:39.0886 3924        fastfat - ok
22:03:39.0980 3924        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:03:39.0995 3924        fdc - ok
22:03:40.0073 3924        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:03:40.0089 3924        FileInfo - ok
22:03:40.0136 3924        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:03:40.0198 3924        Filetrace - ok
22:03:40.0261 3924        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:03:40.0292 3924        flpydisk - ok
22:03:40.0385 3924        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:03:40.0401 3924        FltMgr - ok
22:03:40.0510 3924        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:03:40.0541 3924        Fs_Rec - ok
22:03:40.0619 3924        FwLnk          (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:03:40.0666 3924        FwLnk - ok
22:03:40.0729 3924        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:03:40.0744 3924        gagp30kx - ok
22:03:40.0853 3924        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:03:40.0916 3924        HdAudAddService - ok
22:03:40.0994 3924        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:03:41.0025 3924        HDAudBus - ok
22:03:41.0087 3924        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:03:41.0150 3924        HidBth - ok
22:03:41.0259 3924        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:03:41.0290 3924        HidIr - ok
22:03:41.0353 3924        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
22:03:41.0399 3924        HidUsb - ok
22:03:41.0462 3924        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:03:41.0477 3924        HpCISSs - ok
22:03:41.0540 3924        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:03:41.0587 3924        HSFHWAZL - ok
22:03:41.0696 3924        HSF_DPV        (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:03:41.0789 3924        HSF_DPV - ok
22:03:41.0883 3924        HSXHWAZL        (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:03:41.0945 3924        HSXHWAZL - ok
22:03:42.0055 3924        HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
22:03:42.0148 3924        HTTP - ok
22:03:42.0257 3924        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:03:42.0304 3924        hwdatacard - ok
22:03:42.0413 3924        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:03:42.0413 3924        i2omp - ok
22:03:42.0507 3924        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:03:42.0554 3924        i8042prt - ok
22:03:42.0632 3924        iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:03:42.0663 3924        iaStor - ok
22:03:42.0725 3924        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:03:42.0725 3924        iaStorV - ok
22:03:42.0881 3924        igfx            (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:03:43.0069 3924        igfx - ok
22:03:43.0162 3924        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:03:43.0178 3924        iirsp - ok
22:03:43.0349 3924        IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:03:43.0599 3924        IntcAzAudAddService - ok
22:03:43.0739 3924        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:03:43.0739 3924        intelide - ok
22:03:43.0786 3924        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:03:43.0833 3924        intelppm - ok
22:03:43.0911 3924        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:03:43.0942 3924        IpFilterDriver - ok
22:03:44.0020 3924        IpInIp - ok
22:03:44.0067 3924        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:03:44.0114 3924        IPMIDRV - ok
22:03:44.0176 3924        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:03:44.0192 3924        IPNAT - ok
22:03:44.0254 3924        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:03:44.0285 3924        IRENUM - ok
22:03:44.0379 3924        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:03:44.0379 3924        isapnp - ok
22:03:44.0473 3924        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:03:44.0488 3924        iScsiPrt - ok
22:03:44.0535 3924        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:03:44.0551 3924        iteatapi - ok
22:03:44.0597 3924        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:03:44.0613 3924        iteraid - ok
22:03:44.0691 3924        jswpslwf        (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:03:44.0738 3924        jswpslwf - ok
22:03:44.0831 3924        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:03:44.0831 3924        kbdclass - ok
22:03:44.0894 3924        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
22:03:44.0941 3924        kbdhid - ok
22:03:45.0019 3924        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:03:45.0034 3924        KSecDD - ok
22:03:45.0112 3924        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:03:45.0159 3924        lltdio - ok
22:03:45.0253 3924        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:03:45.0268 3924        LSI_FC - ok
22:03:45.0315 3924        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:03:45.0331 3924        LSI_SAS - ok
22:03:45.0424 3924        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:03:45.0440 3924        LSI_SCSI - ok
22:03:45.0471 3924        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:03:45.0533 3924        luafv - ok
22:03:45.0611 3924        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:03:45.0643 3924        mdmxsdk - ok
22:03:45.0736 3924        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:03:45.0736 3924        megasas - ok
22:03:45.0799 3924        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:03:45.0814 3924        MegaSR - ok
22:03:45.0845 3924        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:03:45.0892 3924        Modem - ok
22:03:45.0955 3924        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:03:46.0001 3924        monitor - ok
22:03:46.0079 3924        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:03:46.0095 3924        mouclass - ok
22:03:46.0142 3924        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:03:46.0157 3924        mouhid - ok
22:03:46.0204 3924        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:03:46.0220 3924        MountMgr - ok
22:03:46.0251 3924        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:03:46.0267 3924        mpio - ok
22:03:46.0329 3924        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:03:46.0345 3924        mpsdrv - ok
22:03:46.0423 3924        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:03:46.0438 3924        Mraid35x - ok
22:03:46.0516 3924        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:03:46.0563 3924        MRxDAV - ok
22:03:46.0625 3924        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:46.0672 3924        mrxsmb - ok
22:03:46.0797 3924        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:46.0828 3924        mrxsmb10 - ok
22:03:46.0875 3924        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:46.0891 3924        mrxsmb20 - ok
22:03:46.0953 3924        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:03:46.0969 3924        msahci - ok
22:03:47.0015 3924        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:03:47.0031 3924        msdsm - ok
22:03:47.0125 3924        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:03:47.0171 3924        Msfs - ok
22:03:47.0249 3924        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:03:47.0249 3924        msisadrv - ok
22:03:47.0312 3924        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:03:47.0374 3924        MSKSSRV - ok
22:03:47.0483 3924        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:03:47.0530 3924        MSPCLOCK - ok
22:03:47.0593 3924        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:03:47.0639 3924        MSPQM - ok
22:03:47.0717 3924        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:03:47.0733 3924        MsRPC - ok
22:03:47.0780 3924        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:03:47.0795 3924        mssmbios - ok
22:03:47.0920 3924        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:03:47.0967 3924        MSTEE - ok
22:03:48.0014 3924        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:03:48.0029 3924        Mup - ok
22:03:48.0123 3924        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:03:48.0154 3924        NativeWifiP - ok
22:03:48.0295 3924        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:03:48.0326 3924        NDIS - ok
22:03:48.0404 3924        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:03:48.0435 3924        NdisTapi - ok
22:03:48.0482 3924        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:03:48.0513 3924        Ndisuio - ok
22:03:48.0622 3924        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:03:48.0653 3924        NdisWan - ok
22:03:48.0700 3924        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:03:48.0731 3924        NDProxy - ok
22:03:48.0794 3924        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:03:48.0841 3924        NetBIOS - ok
22:03:48.0965 3924        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:03:48.0997 3924        netbt - ok
22:03:49.0075 3924        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:03:49.0075 3924        nfrd960 - ok
22:03:49.0168 3924        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:03:49.0199 3924        Npfs - ok
22:03:49.0262 3924        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:03:49.0309 3924        nsiproxy - ok
22:03:49.0465 3924        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:03:49.0511 3924        Ntfs - ok
22:03:49.0574 3924        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:03:49.0621 3924        ntrigdigi - ok
22:03:49.0699 3924        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:03:49.0730 3924        Null - ok
22:03:49.0823 3924        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:03:49.0839 3924        nvraid - ok
22:03:49.0886 3924        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:03:49.0901 3924        nvstor - ok
22:03:49.0948 3924        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:03:49.0948 3924        nv_agp - ok
22:03:49.0995 3924        NwlnkFlt - ok
22:03:50.0026 3924        NwlnkFwd - ok
22:03:50.0120 3924        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:03:50.0167 3924        ohci1394 - ok
22:03:50.0245 3924        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:03:50.0276 3924        Parport - ok
22:03:50.0354 3924        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:03:50.0369 3924        partmgr - ok
22:03:50.0416 3924        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:03:50.0479 3924        Parvdm - ok
22:03:50.0603 3924        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:03:50.0619 3924        pci - ok
22:03:50.0666 3924        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:03:50.0681 3924        pciide - ok
22:03:50.0728 3924        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:03:50.0744 3924        pcmcia - ok
22:03:50.0806 3924        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:03:50.0869 3924        PEAUTH - ok
22:03:51.0009 3924        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:03:51.0040 3924        PptpMiniport - ok
22:03:51.0087 3924        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:03:51.0118 3924        Processor - ok
22:03:51.0227 3924        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:03:51.0243 3924        PSched - ok
22:03:51.0368 3924        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:03:51.0415 3924        ql2300 - ok
22:03:51.0477 3924        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:03:51.0493 3924        ql40xx - ok
22:03:51.0524 3924        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:03:51.0586 3924        QWAVEdrv - ok
22:03:51.0617 3924        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:03:51.0664 3924        RasAcd - ok
22:03:51.0758 3924        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:03:51.0820 3924        Rasl2tp - ok
22:03:51.0898 3924        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:03:51.0945 3924        RasPppoe - ok
22:03:52.0007 3924        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:03:52.0007 3924        RasSstp - ok
22:03:52.0117 3924        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:03:52.0163 3924        rdbss - ok
22:03:52.0226 3924        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:03:52.0257 3924        RDPCDD - ok
22:03:52.0304 3924        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:03:52.0335 3924        rdpdr - ok
22:03:52.0397 3924        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:03:52.0460 3924        RDPENCDD - ok
22:03:52.0569 3924        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:03:52.0600 3924        RDPWD - ok
22:03:52.0694 3924        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:03:52.0709 3924        rspndr - ok
22:03:52.0787 3924        RTL8169        (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:03:52.0834 3924        RTL8169 - ok
22:03:52.0928 3924        RTSTOR          (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
22:03:52.0975 3924        RTSTOR - ok
22:03:53.0021 3924        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:03:53.0037 3924        sbp2port - ok
22:03:53.0099 3924        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:03:53.0162 3924        secdrv - ok
22:03:53.0240 3924        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:03:53.0271 3924        Serenum - ok
22:03:53.0365 3924        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:03:53.0427 3924        Serial - ok
22:03:53.0489 3924        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:03:53.0521 3924        sermouse - ok
22:03:53.0614 3924        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:03:53.0645 3924        sffdisk - ok
22:03:53.0692 3924        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:03:53.0739 3924        sffp_mmc - ok
22:03:53.0833 3924        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:03:53.0864 3924        sffp_sd - ok
22:03:53.0926 3924        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:03:53.0973 3924        sfloppy - ok
22:03:54.0035 3924        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:03:54.0051 3924        sisagp - ok
22:03:54.0113 3924        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:03:54.0113 3924        SiSRaid2 - ok
22:03:54.0176 3924        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:03:54.0191 3924        SiSRaid4 - ok
22:03:54.0301 3924        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:03:54.0332 3924        Smb - ok
22:03:54.0410 3924        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:03:54.0425 3924        spldr - ok
22:03:54.0519 3924        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
22:03:54.0535 3924        sptd - ok
22:03:54.0644 3924        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:03:54.0706 3924        srv - ok
22:03:54.0769 3924        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:03:54.0815 3924        srv2 - ok
22:03:54.0878 3924        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:03:54.0893 3924        srvnet - ok
22:03:54.0987 3924        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:03:54.0987 3924        ssmdrv - ok
22:03:55.0081 3924        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:03:55.0096 3924        swenum - ok
22:03:55.0143 3924        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:03:55.0159 3924        Symc8xx - ok
22:03:55.0205 3924        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:03:55.0205 3924        Sym_hi - ok
22:03:55.0299 3924        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:03:55.0315 3924        Sym_u3 - ok
22:03:55.0393 3924        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:03:55.0408 3924        SynTP - ok
22:03:55.0517 3924        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:03:55.0595 3924        Tcpip - ok
22:03:55.0689 3924        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:03:55.0767 3924        Tcpip6 - ok
22:03:55.0861 3924        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:03:55.0923 3924        tcpipreg - ok
22:03:56.0032 3924        tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:03:56.0063 3924        tdcmdpst - ok
22:03:56.0110 3924        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:03:56.0141 3924        TDPIPE - ok
22:03:56.0219 3924        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:03:56.0251 3924        TDTCP - ok
22:03:56.0344 3924        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:03:56.0375 3924        tdx - ok
22:03:56.0485 3924        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:03:56.0500 3924        TermDD - ok
22:03:56.0609 3924        tos_sps32      (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:03:56.0625 3924        tos_sps32 - ok
22:03:56.0672 3924        TridVid        (171f41174a88f71e7234d7a48303c6a0) C:\Windows\system32\DRIVERS\TridVid.sys
22:03:56.0703 3924        TridVid ( UnsignedFile.Multi.Generic ) - warning
22:03:56.0703 3924        TridVid - detected UnsignedFile.Multi.Generic (1)
22:03:56.0812 3924        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:03:56.0843 3924        tssecsrv - ok
22:03:56.0890 3924        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:03:56.0921 3924        tunmp - ok
22:03:57.0031 3924        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:03:57.0062 3924        tunnel - ok
22:03:57.0140 3924        TVALZ          (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:03:57.0155 3924        TVALZ - ok
22:03:57.0218 3924        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:03:57.0218 3924        uagp35 - ok
22:03:57.0280 3924        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:03:57.0311 3924        udfs - ok
22:03:57.0374 3924        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:03:57.0389 3924        uliagpkx - ok
22:03:57.0467 3924        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:03:57.0483 3924        uliahci - ok
22:03:57.0530 3924        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:03:57.0545 3924        UlSata - ok
22:03:57.0623 3924        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:03:57.0655 3924        ulsata2 - ok
22:03:57.0686 3924        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:03:57.0717 3924        umbus - ok
22:03:57.0811 3924        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:03:57.0842 3924        usbccgp - ok
22:03:57.0889 3924        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:03:57.0935 3924        usbcir - ok
22:03:58.0029 3924        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:03:58.0045 3924        usbehci - ok
22:03:58.0123 3924        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:03:58.0169 3924        usbhub - ok
22:03:58.0247 3924        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:03:58.0294 3924        usbohci - ok
22:03:58.0372 3924        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:58.0419 3924        usbprint - ok
22:03:58.0497 3924        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:03:58.0544 3924        usbscan - ok
22:03:58.0606 3924        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:58.0637 3924        USBSTOR - ok
22:03:58.0715 3924        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:03:58.0731 3924        usbuhci - ok
22:03:58.0809 3924        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:03:58.0840 3924        usbvideo - ok
22:03:58.0918 3924        VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
22:03:58.0949 3924        VClone - ok
22:03:59.0043 3924        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:59.0059 3924        vga - ok
22:03:59.0152 3924        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:03:59.0183 3924        VgaSave - ok
22:03:59.0246 3924        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:03:59.0261 3924        viaagp - ok
22:03:59.0308 3924        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:03:59.0355 3924        ViaC7 - ok
22:03:59.0402 3924        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:03:59.0417 3924        viaide - ok
22:03:59.0542 3924        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:03:59.0558 3924        volmgr - ok
22:03:59.0651 3924        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:03:59.0667 3924        volmgrx - ok
22:03:59.0729 3924        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:03:59.0745 3924        volsnap - ok
22:03:59.0792 3924        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:03:59.0807 3924        vsmraid - ok
22:03:59.0917 3924        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:03:59.0979 3924        WacomPen - ok
22:04:00.0057 3924        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:00.0088 3924        Wanarp - ok
22:04:00.0104 3924        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:00.0135 3924        Wanarpv6 - ok
22:04:00.0197 3924        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:04:00.0229 3924        Wd - ok
22:04:00.0307 3924        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:04:00.0338 3924        Wdf01000 - ok
22:04:00.0431 3924        winachsf        (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:04:00.0525 3924        winachsf - ok
22:04:00.0634 3924        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:04:00.0665 3924        WmiAcpi - ok
22:04:00.0775 3924        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:00.0821 3924        ws2ifsl - ok
22:04:00.0899 3924        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:00.0931 3924        WUDFRd - ok
22:04:01.0024 3924        XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
22:04:01.0040 3924        XAudio - ok
22:04:01.0087 3924        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:04:01.0243 3924        \Device\Harddisk0\DR0 - ok
22:04:01.0258 3924        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:04:01.0367 3924        \Device\Harddisk1\DR1 - ok
22:04:01.0367 3924        Boot (0x1200)  (ee927f59cc580f4744aaa761d6bbc12a) \Device\Harddisk0\DR0\Partition0
22:04:01.0367 3924        \Device\Harddisk0\DR0\Partition0 - ok
22:04:01.0399 3924        Boot (0x1200)  (d906ad2edc756e2d58a56ce8ae2c511c) \Device\Harddisk0\DR0\Partition1
22:04:01.0399 3924        \Device\Harddisk0\DR0\Partition1 - ok
22:04:01.0414 3924        Boot (0x1200)  (8de33614e07dc00c79efbb62e5dd6617) \Device\Harddisk1\DR1\Partition0
22:04:01.0414 3924        \Device\Harddisk1\DR1\Partition0 - ok
22:04:01.0414 3924        ============================================================
22:04:01.0414 3924        Scan finished
22:04:01.0414 3924        ============================================================
22:04:01.0445 2748        Detected object count: 1
22:04:01.0445 2748        Actual detected object count: 1
22:04:25.0781 2748        HKLM\SYSTEM\ControlSet001\services\TridVid - will be deleted on reboot
22:04:25.0813 2748        HKLM\SYSTEM\ControlSet002\services\TridVid - will be deleted on reboot
22:04:25.0859 2748        C:\Windows\system32\DRIVERS\TridVid.sys - will be deleted on reboot
22:04:25.0859 2748        TridVid ( UnsignedFile.Multi.Generic ) - User select action: Delete

MBRCheck
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Basic Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        TOSHIBA
BIOS Manufacturer:                INSYDE
System Manufacturer:                TOSHIBA
System Product Name:                Satellite L300
Logical Drives Mask:                0x0000007c

Kernel Drivers (total 150):
  0x8203A000 \SystemRoot\system32\ntkrnlpa.exe
  0x82007000 \SystemRoot\system32\hal.dll
  0x8040E000 \SystemRoot\system32\kdcom.dll
  0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80485000 \SystemRoot\system32\PSHED.dll
  0x80496000 \SystemRoot\system32\BOOTVID.dll
  0x8049E000 \SystemRoot\system32\CLFS.SYS
  0x804DF000 \SystemRoot\system32\CI.dll
  0x805BF000 \SystemRoot\System32\drivers\pcrcx.sys
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\System32\drivers\partmgr.sys
  0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80788000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80798000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8079F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8260C000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x826DA000 \SystemRoot\system32\drivers\atapi.sys
  0x826E2000 \SystemRoot\system32\drivers\ataport.SYS
  0x82700000 \SystemRoot\system32\drivers\msahci.sys
  0x8270A000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8273C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8274C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87A00000 \SystemRoot\system32\drivers\ndis.sys
  0x87B0B000 \SystemRoot\system32\drivers\msrpc.sys
  0x87B36000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87C08000 \SystemRoot\System32\drivers\tcpip.sys
  0x87CF2000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87E09000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87F19000 \SystemRoot\system32\drivers\volsnap.sys
  0x87F52000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x87F57000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
  0x87F9A000 \SystemRoot\System32\Drivers\spldr.sys
  0x87FA2000 \SystemRoot\System32\Drivers\mup.sys
  0x87FB1000 \SystemRoot\System32\drivers\ecache.sys
  0x87FD8000 \SystemRoot\system32\drivers\disk.sys
  0x87D0D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x87FE9000 \SystemRoot\system32\drivers\crcdisk.sys
  0x87B71000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x87E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87C00000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x87B7C000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x87DFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8B808000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8BEEC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8BF8C000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BF98000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8BFA3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8BFE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C008000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C095000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8C0B6000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8C19A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8C1AD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8C1B8000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8C1E7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8C1E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C1F4000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
  0x87B8B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x87BA3000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x827BD000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8BFF0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x87BD2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x87BE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x807AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x807D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x807DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x805CD000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x805E2000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x87BF4000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x8C207000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8C22D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8C22F000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8C259000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8C263000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8C270000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C2A5000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C800000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C2B6000 \SystemRoot\system32\drivers\portcls.sys
  0x8C2E3000 \SystemRoot\system32\drivers\drmk.sys
  0x8C308000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
  0x8CA07000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
  0x8CB0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
  0x8CBBF000 \SystemRoot\system32\drivers\modem.sys
  0x8CBCC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8CBD5000 \SystemRoot\System32\Drivers\Null.SYS
  0x8CBDC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8CBE3000 \SystemRoot\System32\drivers\vga.sys
  0x8C346000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8CBEF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8CBF7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C367000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C372000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C380000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C389000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C39F000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8C3B3000 \SystemRoot\system32\drivers\afd.sys
  0x8CE09000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8CE3B000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8CE51000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
  0x8CE56000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8CE64000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8CE77000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8CE7D000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8CEB9000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8CEC3000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8CEC8000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8CEEF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8CEF1000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8CEFE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x94670000 \SystemRoot\System32\win32k.sys
  0x8CFCC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8CFD6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94890000 \SystemRoot\System32\TSDDD.dll
  0x948B0000 \SystemRoot\System32\cdd.dll
  0x8CFE5000 \SystemRoot\system32\drivers\luafv.sys
  0x87D2E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x87D45000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x87D55000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x87FF2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x87D7F000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA8A09000 \SystemRoot\system32\drivers\spsys.sys
  0xA8AB9000 \SystemRoot\system32\drivers\HTTP.sys
  0xA8B26000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA8B43000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA8B5C000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA8B7D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA8B9C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA8BD5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x87D92000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA9204000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA9253000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xA9257000 \SystemRoot\system32\drivers\peauth.sys
  0xA9335000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA933F000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA934B000 \SystemRoot\system32\DRIVERS\xaudio.sys
  0xA9353000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA9371000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xA9386000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA93AE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA93C3000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA93D5000 \SystemRoot\system32\drivers\13992015.sys
  0x77330000 \Windows\System32\ntdll.dll

Processes (total 63):
      0 System Idle Process
      4 System
    516 C:\Windows\System32\smss.exe
    584 csrss.exe
    628 C:\Windows\System32\wininit.exe
    636 csrss.exe
    684 C:\Windows\System32\winlogon.exe
    708 C:\Windows\System32\services.exe
    728 C:\Windows\System32\lsass.exe
    736 C:\Windows\System32\lsm.exe
    892 C:\Windows\System32\svchost.exe
    948 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    988 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1208 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\wlanext.exe
    1784 C:\Windows\System32\spoolsv.exe
    1944 C:\Windows\System32\dwm.exe
    1992 C:\Windows\explorer.exe
    2020 C:\Windows\System32\svchost.exe
    324 C:\Windows\System32\svchost.exe
    700 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\SearchIndexer.exe
    116 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2016 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    2068 C:\Windows\System32\igfxtray.exe
    2076 C:\Windows\System32\hkcmd.exe
    2084 C:\Windows\System32\igfxpers.exe
    2092 C:\Windows\RtHDVCpl.exe
    2108 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    2116 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    2124 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    2140 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2148 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2164 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2188 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2204 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2276 C:\Program Files\Windows Sidebar\sidebar.exe
    2284 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    2344 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    2676 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    2888 C:\Windows\System32\igfxsrvc.exe
    3000 C:\Windows\System32\taskeng.exe
    3600 C:\Windows\System32\igfxext.exe
    3660 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    3672 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    2224 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3332 C:\Windows\System32\svchost.exe
    2972 WUDFHost.exe
    1836 WmiPrvSE.exe
    3128 C:\Windows\System32\SearchProtocolHost.exe
    2260 C:\Windows\System32\SearchFilterHost.exe
    232 dllhost.exe
    804 dllhost.exe
    1076 C:\Users\Gisela\Desktop\MBRCheck.exe
    2052 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`f5700000  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2160BHG1, Rev: 0040020C

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Larina

Chris4You 20.12.2011 22:37

Hi,

one more small fix, then you should also run CCleaner...

Fix for OTL
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click and start it with "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
[2011.12.20 18:46:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

chris


All times are WET +1.
