Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Spyhunter 4 und Win 7 Home Security eingefangen (https://www.trojaner-board.de/107907-spyhunter-4-win-7-home-security-eingefangen.html)

Speedx 10.01.2012 20:11
Spyhunter 4 und Win 7 Home Security eingefangen
 
Hi,
wie oben schon erwähnt, habe ich mir zu erst Win 7 Home Security 2012 eingefangen und dann aufgrund dieser Anleitung hxxp://de.pcthreat.com/parasitebyid-19091de.html zum entfernen auch Spyhunter installiert.
Leider hab ich erst danach erfahren, dass Spyhunter selbst Malware ist und aufgrund dessen, wie ja auch hier beschrieben, eine Systemwiederherstellung durchgeführt.
Seit dem sind auch die ganzen erstellten Datein vom Win 7 Home Security 2012 weg.
Zur Sicherheit hatte ich dann nochmal Anti-Malware installiert und scannen lassen, sowie rkill.com und FixNCR ausgeführt und alle haben nichts gefunden.
Auch der Windows Security Essential hat nichts ausegeben.

Jetzt bin ich mir aber immernoch nicht sicher ob Win 7 Home Security 2012 komplett weg ist und ob die Systemwiederherstellung das wirklich auch gelöscht hat.

Habe Windows 7 86-Bit.

Und vielen Dank schonmal für euere Hilfe.


OTL hat folgendes ausgegeben:

cosinus 11.01.2012 18:56
Zitat:
Zur Sicherheit hatte ich dann nochmal Anti-Malware installiert und scannen lassen, sowie rkill.com und FixNCR ausgeführt und alle haben nichts gefunden.
Trotzdem bitte alle Logs posten

Speedx 11.01.2012 21:47
Zitat:
Zitat von cosinus (Beitrag 752887)
Trotzdem bitte alle Logs posten
Okay. Kannst du mir sagen, mit welchen Programmen ich das am besten machen kann?

Danke schonmal für deine Hilfe.


Edit:

So, dass hier gibt Malwarebyte aus:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kathi :: KATHI-PC [Administrator]

11.01.2012 13:08:53
mbam-log-2012-01-11 (13-08-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 177592
Laufzeit: 5 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
und die Ausgabe der beiden OTL-Datein sind im Anhang.

cosinus 12.01.2012 14:37
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Speedx 13.01.2012 06:04
hi,

also, dass ist die Ausgabe von dem ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b756fac841b38409a1b21fa82a3d49c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-13 01:13:33
# local_time=2012-01-12 08:13:33 (-0500, Eastern Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17213178 77954605 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=196786
# found=1
# cleaned=0
# scan_time=7400
C:\Users\Kathi\AppData\Local\Mozilla\Firefox\Profiles\y0vv4hom.default\Cache\6\E0\6DD38d01        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
und hier ist die Ausgabe von Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.12.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kathi :: KATHI-PC [Administrator]

12.01.2012 16:10:03
mbam-log-2012-01-12 (16-10-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 362734
Laufzeit: 1 Stunde(n), 19 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Im Anhang sind alle vorherigen Ausgaben von Malwarebytes.

cosinus 13.01.2012 14:23
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Speedx 13.01.2012 19:33
Okay, hier ist die Ausgabe von OTL

Code:
OTL logfile created on: 13.01.2012 10:09:42 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Kathi\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,63% Memory free
5,99 Gb Paging File | 4,90 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,30 Gb Total Space | 47,41 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Drive D: | 175,78 Gb Total Space | 89,55 Gb Free Space | 50,95% Space Free | Partition Type: NTFS
 
Computer Name: KATHI-PC | User Name: Kathi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.10 10:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Desktop\OTL.exe
PRC - [2012.01.03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.07.20 20:16:22 | 000,119,808 | --S- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Research KinectSDK\Service\KinectManagementService.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.01 14:16:12 | 000,539,416 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011.05.25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.11 14:08:44 | 008,148,992 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.03.21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 11:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 11:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 07:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 07:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 07:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 07:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.09.03 16:17:14 | 003,342,336 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2009.08.17 19:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.17 19:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.03.30 05:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 04:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 10:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 10:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.18 05:45:20 | 000,100,352 | ---- | M] () -- C:\Programme\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
MOD - [2011.06.11 07:04:43 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.02.08 19:56:38 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.09 15:49:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 20:16:22 | 000,119,808 | --S- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Research KinectSDK\Service\KinectManagementService.exe -- (KinectManagement)
SRV - [2011.07.13 09:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.05.11 14:08:44 | 008,148,992 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.08.17 19:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.13 09:59:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59A48B72-EAB8-4130-9C90-D36E832B9DB1}\MpKslcc9bed04.sys -- (MpKslcc9bed04)
DRV - [2011.07.20 19:24:16 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kinectcamera.sys -- (KinectCamera)
DRV - [2011.07.13 09:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.07.05 03:12:16 | 000,035,944 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rsvcdwdr.sys -- (rsvcdwdr)
DRV - [2011.07.05 03:12:11 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011.07.05 03:12:11 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011.05.30 07:02:12 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.08.17 20:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.03.30 05:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE F8 1B 87 F5 C5 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 143.215.131.206:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.06.10 17:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.06.10 17:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 12:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 12:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.10 17:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\mozilla\Extensions
[2011.12.27 04:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathi\AppData\Roaming\mozilla\Firefox\Profiles\y0vv4hom.default\extensions
[2011.06.11 07:13:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kathi\AppData\Roaming\mozilla\Firefox\Profiles\y0vv4hom.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.27 04:20:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kathi\AppData\Roaming\mozilla\Firefox\Profiles\y0vv4hom.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.11 14:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.11 12:44:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.11 12:44:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 12:44:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 12:44:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 12:44:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 12:44:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 12:44:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.25.115.12 142.25.115.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07B5C66B-6ED0-4F03-B1AB-F391458C2175}: DhcpNameServer = 142.25.115.12 142.25.115.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell - "" = AutoRun
O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.12 18:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.11 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.11 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.01.11 12:10:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 10:48:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kathi\Desktop\OTL.exe
[2012.01.09 19:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.09 15:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012.01.09 12:49:53 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.01.09 12:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.01.09 11:27:40 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
[2012.01.09 11:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.09 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.09 11:26:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.09 11:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.06 22:39:59 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{4AF3A32D-D8AA-44C5-A93C-B22E763ACB38}
[2012.01.06 22:39:32 | 000,000,000 | ---D | C] -- C:\Users\Kathi\AppData\Local\{DFDC0D6A-00A9-433E-A6E1-E169CDDF4E2D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 10:07:36 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 10:07:36 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 09:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 09:59:26 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.12 21:02:54 | 000,005,230 | ---- | M] () -- C:\Users\Kathi\Desktop\malwarebytes_log.zip
[2012.01.11 16:24:58 | 000,016,782 | ---- | M] () -- C:\Users\Kathi\Documents\kanada_trip.ods
[2012.01.11 12:39:24 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.01.11 01:22:43 | 000,764,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.11 01:22:43 | 000,719,620 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.11 01:22:43 | 000,173,596 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.11 01:22:43 | 000,146,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.10 10:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathi\Desktop\OTL.exe
[2012.01.09 15:52:12 | 000,371,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.09 15:04:48 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012.01.08 17:53:52 | 000,009,783 | ---- | M] () -- C:\Users\Kathi\Documents\kanada.odt
[2012.01.02 23:35:09 | 000,011,443 | ---- | M] () -- C:\Users\Kathi\Documents\Praktikum_1.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.12 21:02:53 | 000,005,230 | ---- | C] () -- C:\Users\Kathi\Desktop\malwarebytes_log.zip
[2012.01.11 12:39:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.11 12:39:24 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.01.09 02:35:43 | 000,009,230 | -HS- | C] () -- C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012.01.09 02:35:43 | 000,009,230 | -HS- | C] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012.01.02 23:32:19 | 000,011,443 | ---- | C] () -- C:\Users\Kathi\Documents\Praktikum_1.odt
[2011.12.26 02:42:11 | 000,016,782 | ---- | C] () -- C:\Users\Kathi\Documents\kanada_trip.ods
[2011.11.04 01:18:02 | 000,000,470 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.20 20:16:28 | 000,082,432 | --S- | C] () -- C:\Windows\System32\KinectCOMLib.dll
[2011.06.30 07:22:35 | 000,000,600 | ---- | C] () -- C:\Users\Kathi\AppData\Local\PUTTY.RND
[2011.06.16 20:26:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.15 03:45:04 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.06.11 08:07:26 | 000,000,600 | ---- | C] () -- C:\Users\Kathi\AppData\Roaming\winscp.rnd
[2011.06.10 17:26:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.10 17:12:55 | 000,000,017 | ---- | C] () -- C:\Users\Kathi\AppData\Local\resmon.resmoncfg
[2011.06.10 16:49:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 03:50:01 | 000,764,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 03:50:01 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 03:50:01 | 000,173,596 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 03:50:01 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.13 23:33:53 | 000,371,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.13 21:05:48 | 000,719,620 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.13 21:05:48 | 000,146,542 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 12:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012.01.13 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Dropbox
[2011.08.20 14:30:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoft
[2011.08.09 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.02 09:49:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\gtk-2.0
[2011.06.11 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MySQL
[2011.06.11 12:59:13 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Notepad++
[2011.06.11 08:07:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenCandy
[2011.06.11 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org
[2011.07.26 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Opera
[2011.06.11 07:34:45 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Subversion
[2011.08.02 06:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Thunderbird
[2012.01.04 12:45:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.11 08:03:34 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Adobe
[2011.08.20 15:48:43 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Apple Computer
[2011.06.26 19:08:13 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DivX
[2012.01.13 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Dropbox
[2011.08.20 14:30:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoft
[2011.08.09 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.02 09:49:49 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\gtk-2.0
[2011.06.10 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Identities
[2011.06.10 17:48:09 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Macromedia
[2012.01.09 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Malwarebytes
[2009.07.14 03:55:41 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Media Center Programs
[2011.11.15 00:19:14 | 000,000,000 | --SD | M] -- C:\Users\Kathi\AppData\Roaming\Microsoft
[2011.10.19 01:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Microsoft Corporation
[2011.06.10 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Mozilla
[2011.06.11 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\MySQL
[2011.06.11 12:59:13 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Notepad++
[2011.06.11 08:07:19 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenCandy
[2011.06.11 07:10:15 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\OpenOffice.org
[2011.07.26 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Opera
[2011.06.11 09:26:30 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Real
[2011.07.02 09:09:56 | 000,000,000 | RH-D | M] -- C:\Users\Kathi\AppData\Roaming\SecuROM
[2012.01.13 10:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Skype
[2012.01.13 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\skypePM
[2011.06.11 07:34:45 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Subversion
[2011.08.02 06:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\Thunderbird
[2011.06.20 03:55:48 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\TortoiseSVN
[2011.12.12 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\vlc
[2011.11.02 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\VMware
[2011.06.13 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Kathi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 15:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.06.11 08:07:20 | 000,416,160 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\OpenCandy\OpenCandy_D73ADC0675C4498CA45F5D454080DC09\LatestDLMgr.exe
[2011.06.11 08:07:26 | 000,691,472 | ---- | M] () -- C:\Users\Kathi\AppData\Roaming\OpenCandy\OpenCandy_D73ADC0675C4498CA45F5D454080DC09\RealPlayerDE_p1v2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 00:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 00:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 07:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX4\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX5\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX6\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX7\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX5\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX6\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kathi\AppData\Local\Temp\RarSFX7\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.07.23 04:46:07 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.07.23 04:46:07 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009.07.13 20:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< End of report >

cosinus 13.01.2012 19:59
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell - "" = AutoRun
O33 - MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\Shell\AutoRun\command - "" = G:\iStudio.exe
[2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
[2012.01.09 12:20:43 | 000,009,230 | -HS- | M] () -- C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Speedx 13.01.2012 20:31
Hab alles gemacht, wie du gesagt hast.

Hier ist die Ausgabe:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027ea96-b763-11e0-8544-005056c00008}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e90f4eed-2b86-11e1-a856-0013779d7363}\ not found.
File G:\iStudio.exe not found.
File C:\Users\Kathi\AppData\Local\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 not found.
File C:\ProgramData\85gfhs16d178dr1hh0xjm30p6h0q21116cdd7446x2am34 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kathi
->Temp folder emptied: 2014033 bytes
->Temporary Internet Files folder emptied: 201454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7215071 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1410 bytes
RecycleBin emptied: 112504 bytes
 
Total Files Cleaned = 9,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01132012_112548

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Was ist den mit "C:\Windows\System32\drivers\etc\Hosts moved successfully" gemeint? Heißt das, dass alle Treiber gelöscht wurden?

cosinus 13.01.2012 23:18
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Speedx 13.01.2012 23:46
Okay, hier ist der Report vom Tdsskiller:

Code:
14:42:07.0138 2840        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
14:42:07.0637 2840        ============================================================
14:42:07.0638 2840        Current date / time: 2012/01/13 14:42:07.0637
14:42:07.0638 2840        SystemInfo:
14:42:07.0638 2840       
14:42:07.0638 2840        OS Version: 6.1.7601 ServicePack: 1.0
14:42:07.0638 2840        Product type: Workstation
14:42:07.0638 2840        ComputerName: KATHI-PC
14:42:07.0638 2840        UserName: Kathi
14:42:07.0638 2840        Windows directory: C:\Windows
14:42:07.0638 2840        System windows directory: C:\Windows
14:42:07.0638 2840        Processor architecture: Intel x86
14:42:07.0638 2840        Number of processors: 2
14:42:07.0638 2840        Page size: 0x1000
14:42:07.0638 2840        Boot type: Normal boot
14:42:07.0639 2840        ============================================================
14:42:09.0522 2840        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
14:42:09.0605 2840        Initialize success
14:43:32.0431 4336        ============================================================
14:43:32.0431 4336        Scan started
14:43:32.0431 4336        Mode: Manual; SigCheck; TDLFS;
14:43:32.0431 4336        ============================================================
14:43:33.0673 4336        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:43:33.0812 4336        1394ohci - ok
14:43:34.0126 4336        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:43:34.0165 4336        ACPI - ok
14:43:34.0290 4336        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:43:34.0399 4336        AcpiPmi - ok
14:43:34.0759 4336        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:43:34.0792 4336        adp94xx - ok
14:43:34.0967 4336        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:43:34.0995 4336        adpahci - ok
14:43:35.0032 4336        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:43:35.0062 4336        adpu320 - ok
14:43:35.0153 4336        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:43:35.0224 4336        AFD - ok
14:43:35.0295 4336        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:43:35.0324 4336        agp440 - ok
14:43:35.0377 4336        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:43:35.0405 4336        aic78xx - ok
14:43:35.0487 4336        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:43:35.0509 4336        aliide - ok
14:43:35.0572 4336        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:43:35.0600 4336        amdagp - ok
14:43:35.0636 4336        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:43:35.0670 4336        amdide - ok
14:43:35.0731 4336        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:43:35.0793 4336        AmdK8 - ok
14:43:35.0822 4336        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:43:35.0887 4336        AmdPPM - ok
14:43:35.0962 4336        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:43:35.0988 4336        amdsata - ok
14:43:36.0042 4336        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:43:36.0075 4336        amdsbs - ok
14:43:36.0101 4336        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:43:36.0127 4336        amdxata - ok
14:43:36.0186 4336        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:43:36.0329 4336        AppID - ok
14:43:36.0532 4336        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:43:36.0558 4336        arc - ok
14:43:36.0622 4336        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:43:36.0660 4336        arcsas - ok
14:43:36.0762 4336        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:43:36.0894 4336        AsyncMac - ok
14:43:36.0970 4336        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:43:37.0008 4336        atapi - ok
14:43:37.0083 4336        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
14:43:37.0167 4336        athr - ok
14:43:37.0556 4336        atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
14:43:37.0820 4336        atikmdag - ok
14:43:38.0197 4336        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:43:38.0261 4336        b06bdrv - ok
14:43:38.0362 4336        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:43:38.0391 4336        b57nd60x - ok
14:43:38.0471 4336        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:43:38.0536 4336        Beep - ok
14:43:38.0600 4336        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:43:38.0663 4336        blbdrive - ok
14:43:38.0741 4336        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:43:38.0804 4336        bowser - ok
14:43:38.0832 4336        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:43:38.0888 4336        BrFiltLo - ok
14:43:38.0906 4336        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:43:38.0959 4336        BrFiltUp - ok
14:43:39.0035 4336        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:43:39.0121 4336        Brserid - ok
14:43:39.0142 4336        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:43:39.0213 4336        BrSerWdm - ok
14:43:39.0232 4336        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:43:39.0282 4336        BrUsbMdm - ok
14:43:39.0323 4336        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:43:39.0367 4336        BrUsbSer - ok
14:43:39.0426 4336        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:43:39.0475 4336        BTHMODEM - ok
14:43:39.0552 4336        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:43:39.0629 4336        cdfs - ok
14:43:39.0695 4336        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:43:39.0736 4336        cdrom - ok
14:43:39.0792 4336        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:43:39.0834 4336        circlass - ok
14:43:39.0889 4336        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:43:39.0931 4336        CLFS - ok
14:43:40.0082 4336        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:43:40.0141 4336        CmBatt - ok
14:43:40.0213 4336        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:43:40.0235 4336        cmdide - ok
14:43:40.0356 4336        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
14:43:40.0399 4336        CNG - ok
14:43:40.0459 4336        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:43:40.0481 4336        Compbatt - ok
14:43:40.0531 4336        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:43:40.0573 4336        CompositeBus - ok
14:43:40.0620 4336        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:43:40.0642 4336        crcdisk - ok
14:43:40.0799 4336        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:43:40.0881 4336        CSC - ok
14:43:40.0959 4336        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:43:41.0011 4336        DfsC - ok
14:43:41.0152 4336        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:43:41.0240 4336        discache - ok
14:43:41.0294 4336        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:43:41.0322 4336        Disk - ok
14:43:41.0419 4336        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:43:41.0474 4336        drmkaud - ok
14:43:41.0732 4336        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:43:41.0779 4336        DXGKrnl - ok
14:43:41.0917 4336        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:43:42.0074 4336        ebdrv - ok
14:43:42.0149 4336        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:43:42.0187 4336        elxstor - ok
14:43:42.0340 4336        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:43:42.0408 4336        ErrDev - ok
14:43:42.0478 4336        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:43:42.0548 4336        exfat - ok
14:43:42.0646 4336        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:43:42.0715 4336        fastfat - ok
14:43:42.0765 4336        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:43:42.0802 4336        fdc - ok
14:43:42.0853 4336        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:43:42.0884 4336        FileInfo - ok
14:43:42.0985 4336        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:43:43.0047 4336        Filetrace - ok
14:43:43.0076 4336        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:43:43.0113 4336        flpydisk - ok
14:43:43.0207 4336        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:43:43.0245 4336        FltMgr - ok
14:43:43.0348 4336        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:43:43.0374 4336        FsDepends - ok
14:43:43.0432 4336        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:43:43.0460 4336        Fs_Rec - ok
14:43:43.0529 4336        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:43:43.0577 4336        fvevol - ok
14:43:43.0640 4336        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:43:43.0669 4336        gagp30kx - ok
14:43:43.0746 4336        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:43:43.0790 4336        GEARAspiWDM - ok
14:43:43.0828 4336        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:43:43.0888 4336        hcw85cir - ok
14:43:44.0068 4336        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:43:44.0148 4336        HdAudAddService - ok
14:43:44.0200 4336        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
14:43:44.0252 4336        HDAudBus - ok
14:43:44.0321 4336        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:43:44.0404 4336        HidBatt - ok
14:43:44.0438 4336        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:43:44.0510 4336        HidBth - ok
14:43:44.0561 4336        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:43:44.0609 4336        HidIr - ok
14:43:44.0694 4336        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:43:44.0790 4336        HidUsb - ok
14:43:44.0851 4336        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:43:44.0877 4336        HpSAMD - ok
14:43:44.0953 4336        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:43:45.0038 4336        HTTP - ok
14:43:45.0149 4336        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:43:45.0170 4336        hwpolicy - ok
14:43:45.0236 4336        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:43:45.0279 4336        i8042prt - ok
14:43:45.0330 4336        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:43:45.0372 4336        iaStorV - ok
14:43:45.0450 4336        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:43:45.0477 4336        iirsp - ok
14:43:45.0613 4336        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:43:45.0635 4336        intelide - ok
14:43:45.0682 4336        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:43:45.0716 4336        intelppm - ok
14:43:45.0758 4336        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:45.0832 4336        IpFilterDriver - ok
14:43:45.0950 4336        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:43:46.0030 4336        IPMIDRV - ok
14:43:46.0140 4336        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:43:46.0244 4336        IPNAT - ok
14:43:46.0305 4336        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:43:46.0355 4336        IRENUM - ok
14:43:46.0402 4336        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:43:46.0429 4336        isapnp - ok
14:43:46.0565 4336        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:43:46.0596 4336        iScsiPrt - ok
14:43:46.0655 4336        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
14:43:46.0684 4336        kbdclass - ok
14:43:46.0737 4336        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:43:46.0805 4336        kbdhid - ok
14:43:46.0884 4336        KinectCamera    (de35d785762441d60b60902329652c0e) C:\Windows\system32\Drivers\kinectcamera.sys
14:43:46.0970 4336        KinectCamera - ok
14:43:47.0115 4336        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
14:43:47.0163 4336        KSecDD - ok
14:43:47.0201 4336        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
14:43:47.0236 4336        KSecPkg - ok
14:43:47.0320 4336        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:43:47.0374 4336        lltdio - ok
14:43:47.0441 4336        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:43:47.0469 4336        LSI_FC - ok
14:43:47.0491 4336        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:43:47.0561 4336        LSI_SAS - ok
14:43:47.0603 4336        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:43:47.0628 4336        LSI_SAS2 - ok
14:43:47.0649 4336        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:43:47.0677 4336        LSI_SCSI - ok
14:43:47.0732 4336        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:43:47.0837 4336        luafv - ok
14:43:47.0878 4336        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:43:47.0902 4336        megasas - ok
14:43:47.0954 4336        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:43:47.0996 4336        MegaSR - ok
14:43:48.0043 4336        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:43:48.0150 4336        Modem - ok
14:43:48.0256 4336        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:43:48.0364 4336        monitor - ok
14:43:48.0433 4336        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:43:48.0468 4336        mouclass - ok
14:43:48.0531 4336        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:43:48.0579 4336        mouhid - ok
14:43:48.0654 4336        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:43:48.0682 4336        mountmgr - ok
14:43:48.0804 4336        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
14:43:48.0868 4336        MpFilter - ok
14:43:48.0981 4336        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:43:49.0011 4336        mpio - ok
14:43:49.0111 4336        MpKsl0ac19252 - ok
14:43:49.0173 4336        MpKsl17f321b5 - ok
14:43:49.0222 4336        MpKsl271ab0ef - ok
14:43:49.0245 4336        MpKsl8395dea6 - ok
14:43:49.0270 4336        MpKsla90fc25b - ok
14:43:49.0323 4336        MpKslbd2e964a  (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DD34C6E-5E78-4DF5-AE90-4ADFDF2544FE}\MpKslbd2e964a.sys
14:43:49.0356 4336        MpKslbd2e964a - ok
14:43:49.0408 4336        MpKslc16a69d2 - ok
14:43:49.0955 4336        MpNWMon        (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:43:49.0988 4336        MpNWMon - ok
14:43:50.0348 4336        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:43:50.0433 4336        mpsdrv - ok
14:43:50.0487 4336        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:43:50.0567 4336        MRxDAV - ok
14:43:50.0638 4336        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:50.0722 4336        mrxsmb - ok
14:43:50.0885 4336        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:50.0943 4336        mrxsmb10 - ok
14:43:51.0033 4336        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:51.0099 4336        mrxsmb20 - ok
14:43:51.0203 4336        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:43:51.0228 4336        msahci - ok
14:43:51.0272 4336        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:43:51.0302 4336        msdsm - ok
14:43:51.0368 4336        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:43:51.0412 4336        Msfs - ok
14:43:51.0441 4336        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:43:51.0519 4336        mshidkmdf - ok
14:43:51.0552 4336        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:43:51.0574 4336        msisadrv - ok
14:43:51.0646 4336        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:43:51.0702 4336        MSKSSRV - ok
14:43:51.0737 4336        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:43:51.0786 4336        MSPCLOCK - ok
14:43:51.0805 4336        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:43:51.0854 4336        MSPQM - ok
14:43:51.0894 4336        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:43:51.0922 4336        MsRPC - ok
14:43:51.0956 4336        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:43:51.0986 4336        mssmbios - ok
14:43:52.0054 4336        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:43:52.0107 4336        MSTEE - ok
14:43:52.0125 4336        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:43:52.0165 4336        MTConfig - ok
14:43:52.0203 4336        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:43:52.0234 4336        Mup - ok
14:43:52.0317 4336        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:43:52.0354 4336        NativeWifiP - ok
14:43:52.0410 4336        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:43:52.0470 4336        NDIS - ok
14:43:52.0502 4336        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:43:52.0559 4336        NdisCap - ok
14:43:52.0597 4336        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:52.0652 4336        NdisTapi - ok
14:43:52.0721 4336        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:52.0765 4336        Ndisuio - ok
14:43:52.0811 4336        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:52.0856 4336        NdisWan - ok
14:43:52.0883 4336        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:43:52.0948 4336        NDProxy - ok
14:43:53.0009 4336        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:43:53.0085 4336        NetBIOS - ok
14:43:53.0126 4336        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:43:53.0209 4336        NetBT - ok
14:43:53.0383 4336        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:43:53.0407 4336        nfrd960 - ok
14:43:53.0471 4336        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:43:53.0513 4336        NisDrv - ok
14:43:53.0570 4336        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:43:53.0629 4336        Npfs - ok
14:43:53.0666 4336        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:43:53.0730 4336        nsiproxy - ok
14:43:53.0810 4336        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:43:53.0985 4336        Ntfs - ok
14:43:54.0062 4336        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:43:54.0102 4336        Null - ok
14:43:54.0147 4336        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:43:54.0175 4336        nvraid - ok
14:43:54.0212 4336        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:43:54.0241 4336        nvstor - ok
14:43:54.0293 4336        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:43:54.0325 4336        nv_agp - ok
14:43:54.0366 4336        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:43:54.0416 4336        ohci1394 - ok
14:43:54.0556 4336        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:43:54.0610 4336        Parport - ok
14:43:54.0662 4336        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:43:54.0689 4336        partmgr - ok
14:43:54.0725 4336        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:43:54.0760 4336        Parvdm - ok
14:43:54.0807 4336        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:43:54.0838 4336        pci - ok
14:43:54.0861 4336        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:43:54.0884 4336        pciide - ok
14:43:54.0916 4336        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:43:54.0949 4336        pcmcia - ok
14:43:54.0982 4336        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:43:55.0008 4336        pcw - ok
14:43:55.0050 4336        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:43:55.0121 4336        PEAUTH - ok
14:43:55.0236 4336        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:43:55.0296 4336        PptpMiniport - ok
14:43:55.0329 4336        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:43:55.0375 4336        Processor - ok
14:43:55.0440 4336        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:43:55.0503 4336        Psched - ok
14:43:55.0565 4336        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:43:55.0631 4336        ql2300 - ok
14:43:55.0659 4336        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:43:55.0691 4336        ql40xx - ok
14:43:55.0735 4336        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:43:55.0786 4336        QWAVEdrv - ok
14:43:55.0819 4336        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:43:55.0881 4336        RasAcd - ok
14:43:55.0927 4336        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:43:55.0977 4336        RasAgileVpn - ok
14:43:56.0018 4336        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:56.0066 4336        Rasl2tp - ok
14:43:56.0114 4336        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:56.0174 4336        RasPppoe - ok
14:43:56.0212 4336        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:43:56.0269 4336        RasSstp - ok
14:43:56.0315 4336        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:43:56.0381 4336        rdbss - ok
14:43:56.0410 4336        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:43:56.0440 4336        rdpbus - ok
14:43:56.0482 4336        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:56.0533 4336        RDPCDD - ok
14:43:56.0585 4336        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:43:56.0634 4336        RDPDR - ok
14:43:56.0674 4336        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:43:56.0728 4336        RDPENCDD - ok
14:43:56.0767 4336        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:43:56.0830 4336        RDPREFMP - ok
14:43:56.0886 4336        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:43:56.0946 4336        RDPWD - ok
14:43:57.0020 4336        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:43:57.0057 4336        rdyboost - ok
14:43:57.0160 4336        RRNetCap        (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
14:43:57.0216 4336        RRNetCap - ok
14:43:57.0264 4336        RRNetCapMP      (43110c2a2c5ed32ead96c440718e4452) C:\Windows\system32\DRIVERS\rrnetcap.sys
14:43:57.0292 4336        RRNetCapMP - ok
14:43:57.0329 4336        RsFx0103        (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
14:43:57.0362 4336        RsFx0103 - ok
14:43:57.0435 4336        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:43:57.0487 4336        rspndr - ok
14:43:57.0539 4336        rsvcdwdr        (8cf8c5899ee66b7b1a8fb0ae131b5092) C:\Windows\system32\DRIVERS\rsvcdwdr.sys
14:43:57.0569 4336        rsvcdwdr - ok
14:43:57.0601 4336        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:43:57.0650 4336        s3cap - ok
14:43:57.0705 4336        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:43:57.0739 4336        sbp2port - ok
14:43:57.0788 4336        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:43:57.0840 4336        scfilter - ok
14:43:57.0923 4336        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:43:57.0988 4336        secdrv - ok
14:43:58.0051 4336        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:43:58.0076 4336        Serenum - ok
14:43:58.0095 4336        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:43:58.0148 4336        Serial - ok
14:43:58.0184 4336        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:43:58.0235 4336        sermouse - ok
14:43:58.0303 4336        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:43:58.0344 4336        sffdisk - ok
14:43:58.0369 4336        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:43:58.0396 4336        sffp_mmc - ok
14:43:58.0420 4336        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:43:58.0469 4336        sffp_sd - ok
14:43:58.0488 4336        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:43:58.0518 4336        sfloppy - ok
14:43:58.0560 4336        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:43:58.0590 4336        sisagp - ok
14:43:58.0633 4336        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:43:58.0657 4336        SiSRaid2 - ok
14:43:58.0686 4336        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:43:58.0716 4336        SiSRaid4 - ok
14:43:58.0774 4336        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:43:58.0825 4336        Smb - ok
14:43:58.0893 4336        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:43:58.0916 4336        spldr - ok
14:43:59.0032 4336        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:43:59.0091 4336        srv - ok
14:43:59.0123 4336        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:43:59.0170 4336        srv2 - ok
14:43:59.0214 4336        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:43:59.0251 4336        srvnet - ok
14:43:59.0315 4336        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:43:59.0340 4336        stexstor - ok
14:43:59.0395 4336        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
14:43:59.0432 4336        storflt - ok
14:43:59.0466 4336        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
14:43:59.0490 4336        storvsc - ok
14:43:59.0514 4336        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:43:59.0540 4336        swenum - ok
14:43:59.0610 4336        tap0901        (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
14:43:59.0689 4336        tap0901 - ok
14:43:59.0751 4336        tbhsd          (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
14:43:59.0775 4336        tbhsd - ok
14:43:59.0857 4336        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
14:43:59.0928 4336        Tcpip - ok
14:44:00.0010 4336        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:00.0068 4336        TCPIP6 - ok
14:44:00.0117 4336        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:00.0171 4336        tcpipreg - ok
14:44:00.0212 4336        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:44:00.0273 4336        TDPIPE - ok
14:44:00.0294 4336        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:44:00.0344 4336        TDTCP - ok
14:44:00.0395 4336        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:44:00.0451 4336        tdx - ok
14:44:00.0501 4336        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:44:00.0532 4336        TermDD - ok
14:44:00.0599 4336        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:00.0658 4336        tssecsrv - ok
14:44:00.0708 4336        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:44:00.0767 4336        TsUsbFlt - ok
14:44:00.0828 4336        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:00.0892 4336        tunnel - ok
14:44:00.0934 4336        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:00.0968 4336        uagp35 - ok
14:44:01.0027 4336        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:44:01.0090 4336        udfs - ok
14:44:01.0159 4336        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:44:01.0190 4336        uliagpkx - ok
14:44:01.0258 4336        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:44:01.0287 4336        umbus - ok
14:44:01.0322 4336        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:44:01.0349 4336        UmPass - ok
14:44:01.0421 4336        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:44:01.0472 4336        USBAAPL - ok
14:44:01.0518 4336        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
14:44:01.0591 4336        usbaudio - ok
14:44:01.0639 4336        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:01.0698 4336        usbccgp - ok
14:44:01.0738 4336        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:44:01.0768 4336        usbcir - ok
14:44:01.0813 4336        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
14:44:01.0838 4336        usbehci - ok
14:44:01.0907 4336        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:01.0954 4336        usbhub - ok
14:44:02.0002 4336        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
14:44:02.0057 4336        usbohci - ok
14:44:02.0092 4336        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:02.0140 4336        usbprint - ok
14:44:02.0187 4336        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
14:44:02.0239 4336        USBSTOR - ok
14:44:02.0286 4336        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
14:44:02.0327 4336        usbuhci - ok
14:44:02.0401 4336        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
14:44:02.0446 4336        usbvideo - ok
14:44:02.0505 4336        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:44:02.0530 4336        vdrvroot - ok
14:44:02.0588 4336        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:02.0634 4336        vga - ok
14:44:02.0677 4336        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:44:02.0723 4336        VgaSave - ok
14:44:02.0758 4336        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:44:02.0788 4336        vhdmp - ok
14:44:02.0833 4336        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:44:02.0862 4336        viaagp - ok
14:44:02.0895 4336        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:44:02.0939 4336        ViaC7 - ok
14:44:02.0974 4336        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:44:02.0996 4336        viaide - ok
14:44:03.0032 4336        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
14:44:03.0073 4336        vmbus - ok
14:44:03.0101 4336        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
14:44:03.0143 4336        VMBusHID - ok
14:44:03.0171 4336        VMnetAdapter - ok
14:44:03.0203 4336        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:44:03.0236 4336        volmgr - ok
14:44:03.0269 4336        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:44:03.0301 4336        volmgrx - ok
14:44:03.0337 4336        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:44:03.0368 4336        volsnap - ok
14:44:03.0409 4336        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:03.0438 4336        vsmraid - ok
14:44:03.0474 4336        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:03.0516 4336        vwifibus - ok
14:44:03.0553 4336        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:03.0584 4336        vwififlt - ok
14:44:03.0634 4336        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
14:44:03.0662 4336        vwifimp - ok
14:44:03.0696 4336        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:44:03.0750 4336        WacomPen - ok
14:44:03.0817 4336        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:03.0865 4336        WANARP - ok
14:44:03.0879 4336        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:03.0932 4336        Wanarpv6 - ok
14:44:03.0998 4336        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:44:04.0024 4336        Wd - ok
14:44:04.0061 4336        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:44:04.0100 4336        Wdf01000 - ok
14:44:04.0204 4336        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:04.0260 4336        WfpLwf - ok
14:44:04.0290 4336        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:44:04.0312 4336        WIMMount - ok
14:44:04.0429 4336        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:44:04.0488 4336        WinUsb - ok
14:44:04.0559 4336        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:44:04.0593 4336        WmiAcpi - ok
14:44:04.0672 4336        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:04.0734 4336        ws2ifsl - ok
14:44:04.0813 4336        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:44:04.0869 4336        WudfPf - ok
14:44:04.0920 4336        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:04.0966 4336        WUDFRd - ok
14:44:05.0074 4336        yukonw7        (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
14:44:05.0107 4336        yukonw7 - ok
14:44:05.0169 4336        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:44:05.0366 4336        \Device\Harddisk0\DR0 - ok
14:44:05.0376 4336        Boot (0x1200)  (667f560978a31c738f40320f2fe6a84b) \Device\Harddisk0\DR0\Partition0
14:44:05.0378 4336        \Device\Harddisk0\DR0\Partition0 - ok
14:44:05.0415 4336        Boot (0x1200)  (420a934c6dc317c684b131c93b6b74f3) \Device\Harddisk0\DR0\Partition1
14:44:05.0416 4336        \Device\Harddisk0\DR0\Partition1 - ok
14:44:05.0422 4336        ============================================================
14:44:05.0422 4336        Scan finished
14:44:05.0422 4336        ============================================================
14:44:05.0444 4836        Detected object count: 0
14:44:05.0444 4836        Actual detected object count: 0
Desktop sieht auch noch aus wie vorher und die Dokumente in Eigene Datein lassen sich auch noch öffenen.
Deshalb muss ich die unhide.exe nicht ausführen oder?

cosinus 14.01.2012 00:01
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Speedx 14.01.2012 00:49
Liste der Anhänge anzeigen (Anzahl: 1)
Wenn ich Combofix ausführen möchte, dann bekomme ich folgende Meldung:

Speedx 14.01.2012 02:09
Hab ComboFix nochmal neu runtergeladen und dann hat es auch funktioniert.
Hab dann die Fehlermeldung bekommen und Windows neu gestartet.

Das hier ist die Ausgabe:
Code:
ComboFix 12-01-13.05 - Kathi 13.01.2012  16:49:07.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3070.2482 [GMT -5:00]
ausgeführt von:: c:\users\Kathi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kathi\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-13 bis 2012-01-13  ))))))))))))))))))))))))))))))
.
.
2012-01-13 21:56 . 2012-01-13 21:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-13 20:57 . 2012-01-13 20:57        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\MpKsla14f518d.sys
2012-01-13 20:56 . 2012-01-13 20:56        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\offreg.dll
2012-01-13 20:56 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\mpengine.dll
2012-01-13 16:15 . 2012-01-13 16:15        --------        d-----w-        C:\_OTL
2012-01-12 23:06 . 2012-01-12 23:06        --------        d-----w-        c:\program files\ESET
2012-01-11 17:44 . 2012-01-11 17:44        626688        ----a-w-        c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 17:44 . 2012-01-11 17:44        548864        ----a-w-        c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-11 17:44 . 2012-01-11 17:44        479232        ----a-w-        c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-11 17:44 . 2012-01-11 17:44        43992        ----a-w-        c:\program files\Mozilla Firefox\mozutils.dll
2012-01-11 17:38 . 2012-01-11 17:38        --------        d-----w-        c:\program files\Common Files\Adobe
2012-01-11 06:30 . 2012-01-11 06:30        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2012-01-11 05:42 . 2011-11-17 05:38        1288472        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-10 00:06 . 2012-01-10 00:06        --------        d-----w-        c:\program files\Common Files\Java
2012-01-09 20:50 . 2012-01-09 20:50        --------        d-----w-        c:\windows\system32\Wat
2012-01-09 20:03 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-01-09 19:21 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\system32\psisdecd.dll
2012-01-09 19:21 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\system32\psisrndr.ax
2012-01-09 19:21 . 2011-07-09 02:30        223744        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2012-01-09 19:21 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-01-09 19:20 . 2011-10-01 04:37        708608        ----a-w-        c:\program files\Common Files\System\wab32.dll
2012-01-09 19:20 . 2011-03-11 05:39        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2012-01-09 19:20 . 2011-03-11 05:39        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2012-01-09 19:20 . 2011-03-11 05:39        148864        ----a-w-        c:\windows\system32\drivers\storport.sys
2012-01-09 19:19 . 2011-03-11 05:39        1211264        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-01-09 19:19 . 2011-03-11 05:31        74240        ----a-w-        c:\windows\system32\fsutil.exe
2012-01-09 19:19 . 2011-03-11 05:33        1699328        ----a-w-        c:\windows\system32\esent.dll
2012-01-09 19:19 . 2011-03-11 05:38        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2012-01-09 19:19 . 2011-03-11 05:38        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2012-01-09 19:19 . 2011-03-11 05:38        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2012-01-09 19:19 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-01-09 19:19 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys
2012-01-09 19:18 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2012-01-09 19:18 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\system32\oleacc.dll
2012-01-09 19:17 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2012-01-09 19:15 . 2011-06-15 08:55        86016        ----a-w-        c:\windows\system32\odbccu32.dll
2012-01-09 19:15 . 2011-06-15 08:55        163840        ----a-w-        c:\windows\system32\odbctrac.dll
2012-01-09 19:15 . 2011-06-15 08:54        94208        ----a-w-        c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-01-09 19:15 . 2011-06-15 08:55        81920        ----a-w-        c:\windows\system32\odbccr32.dll
2012-01-09 19:15 . 2011-06-15 08:55        122880        ----a-w-        c:\windows\system32\odbccp32.dll
2012-01-09 19:15 . 2011-06-15 08:55        319488        ----a-w-        c:\windows\system32\odbcjt32.dll
2012-01-09 19:15 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-01-09 19:15 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-01-09 17:49 . 2012-01-09 17:50        --------        d-----w-        C:\sh4ldr
2012-01-09 17:49 . 2012-01-09 17:49        --------        d-----w-        c:\program files\Enigma Software Group
2012-01-09 16:27 . 2012-01-09 16:27        --------        d-----w-        c:\users\Kathi\AppData\Roaming\Malwarebytes
2012-01-09 16:26 . 2012-01-09 16:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-09 16:26 . 2011-12-10 20:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-09 16:26 . 2012-01-09 16:26        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-01-09 07:59 . 2011-03-25 02:58        258560        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2012-01-09 07:59 . 2011-03-25 02:58        284672        ----a-w-        c:\windows\system32\drivers\usbport.sys
2012-01-09 07:59 . 2011-03-25 02:57        43008        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2012-01-09 07:59 . 2011-03-25 02:58        75776        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2012-01-09 07:59 . 2011-03-25 02:57        20480        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2012-01-09 07:59 . 2011-03-25 02:57        24064        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2012-01-09 07:59 . 2011-03-25 02:57        5888        ----a-w-        c:\windows\system32\drivers\usbd.sys
2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 19:24 . 2011-06-10 22:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 17:24 . 2011-10-19 05:17        205984        ----a-w-        c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-11-21 10:47 . 2011-06-12 16:21        6823496        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-10 10:54 . 2011-06-11 12:03        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-10-19 04:48 . 2011-09-15 05:42        2027744        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-01-11 17:44 . 2011-06-10 22:19        121816        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 2 (0x2)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0ac19252;MpKsl0ac19252;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C286789B-B38F-4F7B-8D31-03771D4C1157}\MpKsl0ac19252.sys [x]
R1 MpKsl17f321b5;MpKsl17f321b5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C87533E-F3B5-4509-8B91-E8351A88B183}\MpKsl17f321b5.sys [x]
R1 MpKsl271ab0ef;MpKsl271ab0ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19E5234B-B379-49D3-921F-D7BC2A07E3BA}\MpKsl271ab0ef.sys [x]
R1 MpKsl8395dea6;MpKsl8395dea6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19E5234B-B379-49D3-921F-D7BC2A07E3BA}\MpKsl8395dea6.sys [x]
R1 MpKsla90fc25b;MpKsla90fc25b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F6290BB-F904-4AAE-8381-1E156A791E00}\MpKsla90fc25b.sys [x]
R1 MpKslc16a69d2;MpKslc16a69d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{262E863A-46AF-4FED-99F1-958418F58C4E}\MpKslc16a69d2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 KinectCamera;Microsoft Kinect Camera Driver;c:\windows\system32\Drivers\kinectcamera.sys [2011-07-21 37248]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-07-05 31848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1343400]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 MpKsla14f518d;MpKsla14f518d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BFA0DD-1C05-43AD-B9E7-991C0E5E8FEB}\MpKsla14f518d.sys [2012-01-13 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft Research KinectSDK\Service\KinectManagementService.exe [2011-07-21 119808]
S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2011-07-05 31848]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [2011-07-05 35944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66198936
*NewlyCreated* - MPKSLA14F518D
*NewlyCreated* - MPKSLBD2E964A
*Deregistered* - 66198936
*Deregistered* - MpKslbd2e964a
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = 143.215.131.206:3128
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Kathi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
LSP: c:\program files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
TCP: DhcpNameServer = 142.25.115.12 142.25.115.1
FF - ProfilePath - c:\users\Kathi\AppData\Roaming\Mozilla\Firefox\Profiles\y0vv4hom.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1143421131-1780255174-1783343726-1000\Software\SecuROM\License information*]
"datasecu"=hex:33,bc,6b,e5,e7,4c,22,ed,29,00,0a,a5,f4,9b,1b,d5,35,bb,b3,11,b9,
  7f,d4,50,96,f7,fc,ec,f8,19,14,79,48,94,26,ee,e6,d4,fa,ab,a9,94,7f,72,4f,cb,\
"rkeysecu"=hex:a6,fd,05,f2,8b,55,28,4b,82,ab,b1,4d,e6,7f,72,92
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1784)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Kathi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2012-01-13  16:59:42
ComboFix-quarantined-files.txt  2012-01-13 21:59
.
Vor Suchlauf: 10 Verzeichnis(se), 55.983.071.232 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 55.891.742.720 Bytes frei
.
- - End Of File - - 444C88861B4E8D2E3BBA1A38A267768E

cosinus 14.01.2012 14:12
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:49 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130