Trojaner-Board


michel_bo 26.01.2012 11:57

Virus/Trojan 79bjm5me7g

Virus/Trojan 79bjm5me7g,

When I googled it because I didn't know what it was, I ended up here with you! I think that this is my problem! Can you help me with it? Many thanks in advance!

My computer:

Manufacturer: Packard Bell
Model: EasyNote LJ65
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20 GHz 2.20 GHz
Memory (RAM): 4 GB
System type: 64-bit
Operating system: Windows 7 + Service Pack 1

Thank you!

Best regards, Michel_bo

markusg 26.01.2012 12:32

Hi,
next time, please provide a precise description of the problem.
Try the following: restart, press F8, and select Safe Mode with Networking.
If that works (you should be able to use the internet again there), then continue:
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

michel_bo 26.01.2012 12:48

Sorry, I forgot that.

The problems are, first, that a Registry Editor always opens as well, and AntiVir Guard no longer works!
I'll go do that with OTL.

michel_bo 26.01.2012 13:20

So the problems show up at startup, of course.
So here is the stuff! OTL Logfile:
Code:

OTL logfile created on: 26.01.2012 13:02:42 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\michel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 86,70% Memory free
7,99 Gb Paging File | 7,48 Gb Available in Paging File | 93,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 237,92 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
 
Computer Name: FLUFF | User Name: michel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\michel\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\tsusbflt.sys ()
DRV:64bit: - (BrSerIb) Brother Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) Brother Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\DRIVERS\stexstor.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS ()
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS ()
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\XAudio64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.21 23:32:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.08 23:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michel\AppData\Roaming\mozilla\Extensions
[2012.01.08 02:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michel\AppData\Roaming\mozilla\Firefox\Profiles\0vswzgmp.default\extensions
[2011.12.20 17:15:24 | 000,000,933 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\11-suche.xml
[2011.12.20 17:15:24 | 000,002,419 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 17:15:24 | 000,010,525 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\gmx-suche.xml
[2011.12.20 17:15:24 | 000,002,457 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\lastminute.xml
[2011.12.20 17:15:24 | 000,005,508 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\webde-suche.xml
[2011.12.08 23:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MICHEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VSWZGMP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.21 23:32:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.21 23:32:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.25 17:37:20 | 000,002,290 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\b00kmarks.xml
[2012.01.21 23:32:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.21 23:32:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.21 23:32:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.21 23:32:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.21 23:32:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [79bjm5me7g] C:\Users\michel\79bjm5me7g.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E0532C-E867-407E-8AF2-AA98FD6E041D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\yinghay: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\yinghay.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
 
MsConfig:64bit - StartUpReg: 79bjm5me7g - hkey= - key= - C:\Users\michel\79bjm5me7g.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 11:29:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\michel\Desktop\OTL.exe
[2012.01.22 12:09:47 | 000,427,264 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\TuneUpDefragService.exe
[2012.01.22 12:09:43 | 000,035,072 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll
[2012.01.22 12:09:42 | 000,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.01.22 12:09:42 | 000,019,200 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\authuitu.dll
[2012.01.22 12:09:42 | 000,016,640 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\authuitu.dll
[2012.01.21 23:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.01.21 23:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2008
[2012.01.21 23:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2008
[2012.01.21 23:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.12.31 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\michel\AppData\Roaming\vlc
[2011.12.31 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2009.08.28 05:36:17 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.26 13:01:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.26 13:01:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.26 13:01:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.26 13:01:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.26 13:01:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.26 12:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.26 12:56:32 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.26 12:52:41 | 000,000,000 | ---- | M] () -- C:\Users\michel\AppData\Local\{83C3288F-6683-4BAD-9B2B-F0471679D365}
[2012.01.26 12:52:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 12:52:32 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.26 12:49:02 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 12:49:02 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 12:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.26 11:29:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\michel\Desktop\OTL.exe
[2012.01.22 12:09:47 | 000,427,264 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysNative\TuneUpDefragService.exe
[2012.01.21 23:51:18 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2012.01.21 23:51:17 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.21 23:34:48 | 000,048,592 | ---- | M] () -- C:\Windows\SysNative\drivers\1ed38b5879346219.sys
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\Users\michel\79bjm5me7g.exe
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\ProgramData\79bjm5me7g.exe
[2012.01.20 10:01:24 | 304,471,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.31 21:26:46 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.29 10:38:49 | 000,350,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.01.26 12:52:41 | 000,000,000 | ---- | C] () -- C:\Users\michel\AppData\Local\{83C3288F-6683-4BAD-9B2B-F0471679D365}
[2012.01.21 23:51:52 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.21 23:51:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2008.lnk
[2012.01.21 23:51:18 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2012.01.21 23:51:17 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.21 23:34:48 | 000,048,592 | ---- | C] () -- C:\Windows\SysNative\drivers\1ed38b5879346219.sys
[2012.01.21 23:31:12 | 000,033,280 | ---- | C] () -- C:\Users\michel\79bjm5me7g.exe
[2012.01.21 21:14:31 | 000,033,280 | ---- | C] () -- C:\ProgramData\79bjm5me7g.exe
[2012.01.20 10:01:24 | 304,471,016 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.31 21:26:46 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.28 20:23:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011.12.28 20:23:57 | 003,145,216 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.12.13 00:47:38 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.12.13 00:47:38 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.12.13 00:47:38 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.12.12 22:08:57 | 000,036,990 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.12.08 19:19:36 | 000,000,333 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.08 19:19:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.08 19:09:18 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.03 21:07:35 | 000,000,000 | ---- | C] () -- C:\Users\michel\AppData\Roaming\wklnhst.dat
[2011.09.05 16:10:42 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011.08.30 18:07:08 | 000,003,441 | ---- | C] () -- C:\Windows\messer.ini
[2011.08.30 18:04:38 | 000,001,466 | ---- | C] () -- C:\Users\michel\AppData\Local\RecConfig.xml
[2009.08.28 06:22:37 | 000,025,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\DKbFltr.sys
[2009.08.28 05:26:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.09.05 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\Audacity
[2011.09.07 08:33:39 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\FMZilla
[2011.11.24 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\runic games
[2011.12.09 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\TuneUp Software
[2012.01.26 12:52:32 | 000,000,514 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.01.21 15:10:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.30 04:00:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.08.25 20:10:22 | 000,000,000 | -H-D | M] -- C:\AcerSW
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.08.24 19:45:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.05 16:53:46 | 000,000,000 | ---D | M] -- C:\downloads
[2009.08.28 05:32:16 | 000,000,000 | ---D | M] -- C:\Intel
[2009.08.28 05:43:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.25 21:21:51 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.12 21:54:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.21 23:50:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.21 23:51:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.24 19:45:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.24 19:45:40 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.26 10:56:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.25 21:31:37 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.26 12:56:33 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.03.26 04:16:08 | 000,025,608 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\DKbFltr.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll
[2011.08.30 18:01:59 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.08.30 18:01:59 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.11.03 23:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2010.11.20 03:19:58 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll
 
< %USERPROFILE%\*.* >
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\Users\michel\79bjm5me7g.exe
[2012.01.26 13:07:32 | 001,835,008 | -HS- | M] () -- C:\Users\michel\ntuser.dat
[2012.01.26 13:07:32 | 000,262,144 | -HS- | M] () -- C:\Users\michel\ntuser.dat.LOG1
[2011.08.24 19:46:07 | 000,000,000 | -HS- | M] () -- C:\Users\michel\ntuser.dat.LOG2
[2011.08.25 00:43:54 | 000,065,536 | -HS- | M] () -- C:\Users\michel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.08.25 00:43:54 | 000,524,288 | -HS- | M] () -- C:\Users\michel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 00:43:54 | 000,524,288 | -HS- | M] () -- C:\Users\michel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.08.29 16:27:34 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{0801c784-d197-11e0-ac07-0026227a3324}.TM.blf
[2011.08.29 16:27:34 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{0801c784-d197-11e0-ac07-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.29 16:27:34 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{0801c784-d197-11e0-ac07-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.25 21:44:23 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{435a9e0c-cf56-11e0-bdad-0026227a3324}.TM.blf
[2011.08.25 21:44:23 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{435a9e0c-cf56-11e0-bdad-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 21:44:23 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{435a9e0c-cf56-11e0-bdad-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.30 17:38:26 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{afa09857-d31e-11e0-b5ea-0026227a3324}.TM.blf
[2011.08.30 17:38:25 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{afa09857-d31e-11e0-b5ea-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.30 17:38:26 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{afa09857-d31e-11e0-b5ea-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.09.04 18:16:06 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{c1178278-d714-11e0-a88d-0026227a3324}.TM.blf
[2011.09.04 18:16:06 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{c1178278-d714-11e0-a88d-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.09.04 18:16:06 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{c1178278-d714-11e0-a88d-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.25 20:10:27 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{d9d7f333-cf4b-11e0-bf5d-0026227a3324}.TM.blf
[2011.08.25 20:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{d9d7f333-cf4b-11e0-bf5d-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 20:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{d9d7f333-cf4b-11e0-bf5d-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.24 19:46:07 | 000,000,020 | -HS- | M] () -- C:\Users\michel\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1D32EC29

< End of report >

--- --- ---

michel_bo 26.01.2012 13:24

The extra.text stuff doesn't exist on my machine, where do I find it? It didn't open the way the otl.text one did!
:killpc:

michel_bo 26.01.2012 14:33

2nd attempt! OTL Logfile:
Code:

OTL logfile created on: 26.01.2012 14:17:27 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\michel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 79,81% Memory free
7,99 Gb Paging File | 7,36 Gb Available in Paging File | 92,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 237,82 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
 
Computer Name: FLUFF | User Name: michel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\michel\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys ()
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys ()
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\tsusbflt.sys ()
DRV:64bit: - (BrSerIb) Brother Serial Interface Driver(WDM) -- C:\Windows\SysNative\DRIVERS\BrSerIb.sys ()
DRV:64bit: - (BrUsbSIb) Brother Serial USB Driver(WDM) -- C:\Windows\SysNative\DRIVERS\BrUsbSIb.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\DRIVERS\amdsbs.sys ()
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys ()
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\DRIVERS\stexstor.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys ()
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS ()
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS ()
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\DRIVERS\evbda.sys ()
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\DRIVERS\bxvbda.sys ()
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys ()
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys ()
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\XAudio64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.21 23:32:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.08 23:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michel\AppData\Roaming\mozilla\Extensions
[2012.01.08 02:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michel\AppData\Roaming\mozilla\Firefox\Profiles\0vswzgmp.default\extensions
[2011.12.20 17:15:24 | 000,000,933 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\11-suche.xml
[2011.12.20 17:15:24 | 000,002,419 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\englische-ergebnisse.xml
[2011.12.20 17:15:24 | 000,010,525 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\gmx-suche.xml
[2011.12.20 17:15:24 | 000,002,457 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\lastminute.xml
[2011.12.20 17:15:24 | 000,005,508 | ---- | M] () -- C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\searchplugins\webde-suche.xml
[2011.12.08 23:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MICHEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VSWZGMP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.21 23:32:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.21 23:32:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.25 17:37:20 | 000,002,290 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\b00kmarks.xml
[2012.01.21 23:32:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.21 23:32:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.21 23:32:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.21 23:32:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.21 23:32:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [79bjm5me7g] C:\Users\michel\79bjm5me7g.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EE9F0E-DC76-4C0D-A8FB-271F8A83D394}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E0532C-E867-407E-8AF2-AA98FD6E041D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\yinghay: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\yinghay.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 11:29:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\michel\Desktop\OTL.exe
[2012.01.22 12:09:47 | 000,427,264 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\TuneUpDefragService.exe
[2012.01.22 12:09:43 | 000,035,072 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll
[2012.01.22 12:09:42 | 000,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.01.22 12:09:42 | 000,019,200 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysNative\authuitu.dll
[2012.01.22 12:09:42 | 000,016,640 | ---- | C] (TuneUp Software GmbH) -- C:\Windows\SysWow64\authuitu.dll
[2012.01.21 23:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.01.21 23:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2008
[2012.01.21 23:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2008
[2012.01.21 23:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.01.17 11:21:19 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.17 11:21:19 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.17 11:21:19 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.17 11:21:19 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.17 11:21:17 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.17 11:20:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.17 11:20:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011.12.31 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\michel\AppData\Roaming\vlc
[2011.12.31 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.28 20:26:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.28 20:26:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.28 20:26:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.28 20:26:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.28 20:26:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.28 20:26:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.28 20:26:33 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.28 20:26:33 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.28 20:26:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.28 20:26:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.28 20:26:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.28 20:23:58 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.28 20:23:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009.08.28 05:36:17 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.26 13:01:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.26 13:01:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.26 13:01:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.26 13:01:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.26 13:01:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.26 12:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.26 12:56:32 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.26 12:52:41 | 000,000,000 | ---- | M] () -- C:\Users\michel\AppData\Local\{83C3288F-6683-4BAD-9B2B-F0471679D365}
[2012.01.26 12:52:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 12:52:32 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.26 12:49:02 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 12:49:02 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 12:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.26 11:29:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\michel\Desktop\OTL.exe
[2012.01.22 12:09:47 | 000,427,264 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysNative\TuneUpDefragService.exe
[2012.01.21 23:51:18 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2012.01.21 23:51:17 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.21 23:34:48 | 000,048,592 | ---- | M] () -- C:\Windows\SysNative\drivers\1ed38b5879346219.sys
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\Users\michel\79bjm5me7g.exe
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\ProgramData\79bjm5me7g.exe
[2012.01.20 10:01:24 | 304,471,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.31 21:26:46 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.29 10:38:49 | 000,350,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.01.26 12:52:41 | 000,000,000 | ---- | C] () -- C:\Users\michel\AppData\Local\{83C3288F-6683-4BAD-9B2B-F0471679D365}
[2012.01.21 23:51:52 | 000,000,514 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.21 23:51:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2008.lnk
[2012.01.21 23:51:18 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2008.lnk
[2012.01.21 23:51:17 | 000,000,718 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.21 23:34:48 | 000,048,592 | ---- | C] () -- C:\Windows\SysNative\drivers\1ed38b5879346219.sys
[2012.01.21 23:31:12 | 000,033,280 | ---- | C] () -- C:\Users\michel\79bjm5me7g.exe
[2012.01.21 21:14:31 | 000,033,280 | ---- | C] () -- C:\ProgramData\79bjm5me7g.exe
[2012.01.20 10:01:24 | 304,471,016 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.31 21:26:46 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.12.28 20:23:59 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011.12.28 20:23:57 | 003,145,216 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.12.13 00:47:38 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.12.13 00:47:38 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.12.13 00:47:38 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.12.12 22:08:57 | 000,036,990 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.12.08 19:19:36 | 000,000,333 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.08 19:19:36 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.08 19:09:18 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.03 21:07:35 | 000,000,000 | ---- | C] () -- C:\Users\michel\AppData\Roaming\wklnhst.dat
[2011.09.05 16:10:42 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011.08.30 18:07:08 | 000,003,441 | ---- | C] () -- C:\Windows\messer.ini
[2011.08.30 18:04:38 | 000,001,466 | ---- | C] () -- C:\Users\michel\AppData\Local\RecConfig.xml
[2009.08.28 06:22:37 | 000,025,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\DKbFltr.sys
[2009.08.28 05:26:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.09.05 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\Audacity
[2011.09.07 08:33:39 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\FMZilla
[2011.11.24 17:05:33 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\runic games
[2011.12.09 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\michel\AppData\Roaming\TuneUp Software
[2012.01.26 12:52:32 | 000,000,514 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.01.21 15:10:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.30 04:00:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.08.25 20:10:22 | 000,000,000 | -H-D | M] -- C:\AcerSW
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.08.24 19:45:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.05 16:53:46 | 000,000,000 | ---D | M] -- C:\downloads
[2009.08.28 05:32:16 | 000,000,000 | ---D | M] -- C:\Intel
[2009.08.28 05:43:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.25 21:21:51 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.12 21:54:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.21 23:50:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.21 23:51:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.24 19:45:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.24 19:45:40 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.26 10:56:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.25 21:31:37 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.26 12:56:33 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.03.26 04:16:08 | 000,025,608 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\DKbFltr.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\Users\michel\79bjm5me7g.exe
[2012.01.26 14:21:55 | 001,835,008 | -HS- | M] () -- C:\Users\michel\ntuser.dat
[2012.01.26 14:21:54 | 000,262,144 | -HS- | M] () -- C:\Users\michel\ntuser.dat.LOG1
[2011.08.24 19:46:07 | 000,000,000 | -HS- | M] () -- C:\Users\michel\ntuser.dat.LOG2
[2011.08.25 00:43:54 | 000,065,536 | -HS- | M] () -- C:\Users\michel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.08.25 00:43:54 | 000,524,288 | -HS- | M] () -- C:\Users\michel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 00:43:54 | 000,524,288 | -HS- | M] () -- C:\Users\michel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.08.29 16:27:34 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{0801c784-d197-11e0-ac07-0026227a3324}.TM.blf
[2011.08.29 16:27:34 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{0801c784-d197-11e0-ac07-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.29 16:27:34 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{0801c784-d197-11e0-ac07-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.25 21:44:23 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{435a9e0c-cf56-11e0-bdad-0026227a3324}.TM.blf
[2011.08.25 21:44:23 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{435a9e0c-cf56-11e0-bdad-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 21:44:23 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{435a9e0c-cf56-11e0-bdad-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.30 17:38:26 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{afa09857-d31e-11e0-b5ea-0026227a3324}.TM.blf
[2011.08.30 17:38:25 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{afa09857-d31e-11e0-b5ea-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.30 17:38:26 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{afa09857-d31e-11e0-b5ea-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.09.04 18:16:06 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{c1178278-d714-11e0-a88d-0026227a3324}.TM.blf
[2011.09.04 18:16:06 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{c1178278-d714-11e0-a88d-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.09.04 18:16:06 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{c1178278-d714-11e0-a88d-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.25 20:10:27 | 000,065,536 | -HS- | M] () -- C:\Users\michel\ntuser.dat{d9d7f333-cf4b-11e0-bf5d-0026227a3324}.TM.blf
[2011.08.25 20:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{d9d7f333-cf4b-11e0-bf5d-0026227a3324}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 20:10:27 | 000,524,288 | -HS- | M] () -- C:\Users\michel\ntuser.dat{d9d7f333-cf4b-11e0-bf5d-0026227a3324}.TMContainer00000000000000000002.regtrans-ms
[2011.08.24 19:46:07 | 000,000,020 | -HS- | M] () -- C:\Users\michel\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1D32EC29

< End of report >

--- --- ---

michel_bo 26.01.2012 14:35

Now also with the extras txt.

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 26.01.2012 14:17:27 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\michel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,19 Gb Available Physical Memory | 79,81% Memory free
7,99 Gb Paging File | 7,36 Gb Available in Paging File | 92,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 237,82 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
 
Computer Name: FLUFF | User Name: michel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65B43D6A-6B8F-46F1-8362-7985822F3A80}_is1" = D2SE V2.2.0
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Diablo II" = Diablo II
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2012 16:32:58 | Computer Name = FluFF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000001d  Fehleroffset: 0x00000000012a4000
ID
 des fehlerhaften Prozesses: 0x96c  Startzeit der fehlerhaften Anwendung: 0x01ccd7b2ae638551
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: f0323ab8-43a5-11e1-8ff1-0026227a3324
 
Error - 20.01.2012 16:32:58 | Computer Name = FluFF | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:    Der Fehlerwert
 ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie
die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das selbstständig
 behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht
 auf die Datei zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte
 der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass
 eine Verbindung mit dem Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger,
 wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger
 richtig in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 20.01.2012 16:33:08 | Computer Name = FluFF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0000000000c94000
ID
 des fehlerhaften Prozesses: 0xab4  Startzeit der fehlerhaften Anwendung: 0x01ccd7b2b45eacdc
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: f659f12b-43a5-11e1-8ff1-0026227a3324
 
Error - 20.01.2012 16:33:08 | Computer Name = FluFF | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:    Der Fehlerwert
 ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie
die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das selbstständig
 behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht
 auf die Datei zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte
 der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass
 eine Verbindung mit dem Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger,
 wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger
 richtig in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 20.01.2012 16:33:28 | Computer Name = FluFF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0000000000264000
ID
 des fehlerhaften Prozesses: 0xf54  Startzeit der fehlerhaften Anwendung: 0x01ccd7b2c044f627
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 020839b4-43a6-11e1-8ff1-0026227a3324
 
Error - 20.01.2012 16:33:28 | Computer Name = FluFF | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:    Der Fehlerwert
 ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie
die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das selbstständig
 behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht
 auf die Datei zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte
 der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass
 eine Verbindung mit dem Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger,
 wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger
 richtig in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 20.01.2012 16:33:39 | Computer Name = FluFF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0000000000c04000
ID
 des fehlerhaften Prozesses: 0x6c0  Startzeit der fehlerhaften Anwendung: 0x01ccd7b2c6597271
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 0898506d-43a6-11e1-8ff1-0026227a3324
 
Error - 20.01.2012 16:33:39 | Computer Name = FluFF | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:    Der Fehlerwert
 ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie
die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das selbstständig
 behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht
 auf die Datei zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte
 der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass
 eine Verbindung mit dem Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger,
 wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger
 richtig in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 20.01.2012 16:33:48 | Computer Name = FluFF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0000000000c04000
ID
 des fehlerhaften Prozesses: 0xdf4  Startzeit der fehlerhaften Anwendung: 0x01ccd7b2cc56bce5
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 0e036add-43a6-11e1-8ff1-0026227a3324
 
Error - 20.01.2012 16:33:48 | Computer Name = FluFF | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:    Der Fehlerwert
 ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie
die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem, das selbstständig
 behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht
 auf die Datei zugreifen können und  - diese sich im Netzwerk befindet,  dann sollte
 der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass
 eine Verbindung mit dem Server hergestellt werden kann.  - diese sich auf einem Wechseldatenträger,
 wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger
 richtig in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.  Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
[ System Events ]
Error - 16.12.2011 03:35:56 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies ist
 bereits 18 Mal passiert.
 
Error - 16.12.2011 03:41:07 | Computer Name = FluFF | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Computerbrowser" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 16.12.2011 03:41:07 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Server" wurde unerwartet beendet. Dies ist bereits 76 Mal
passiert.
 
Error - 16.12.2011 03:44:59 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Computerbrowser" wurde unerwartet beendet. Dies ist bereits
 3 Mal passiert.
 
Error - 16.12.2011 03:44:59 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Server" wurde unerwartet beendet. Dies ist bereits 77 Mal
passiert.
 
Error - 16.12.2011 03:49:23 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Computerbrowser" wurde unerwartet beendet. Dies ist bereits
 4 Mal passiert.
 
Error - 16.12.2011 03:49:23 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Server" wurde unerwartet beendet. Dies ist bereits 78 Mal
passiert.
 
Error - 16.12.2011 03:56:59 | Computer Name = FluFF | Source = bowser | ID = 8003
Description =
 
Error - 16.12.2011 03:57:07 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Computerbrowser" wurde unerwartet beendet. Dies ist bereits
 5 Mal passiert.
 
Error - 16.12.2011 03:57:07 | Computer Name = FluFF | Source = Service Control Manager | ID = 7034
Description = Dienst "Server" wurde unerwartet beendet. Dies ist bereits 79 Mal
passiert.
 
 
< End of report >

--- --- ---

markusg 26.01.2012 16:09

Hi,


This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [79bjm5me7g] C:\Users\michel\79bjm5me7g.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
MsConfig:64bit - StartUpReg: 79bjm5me7g - hkey= - key= - C:\Users\michel\79bjm5me7g.exe ()
[2012.01.21 21:14:28 | 000,033,280 | ---- | M] () -- C:\ProgramData\79bjm5me7g.exe
:Files
C:\Users\michel\79bjm5me7g.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Please press the Windows key + E.
  • Open your system drive (usually C:).
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL.
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

michel_bo 26.01.2012 17:01

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\79bjm5me7g deleted successfully.
File move failed. C:\Users\michel\79bjm5me7g.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\79bjm5me7g\ not found.
File move failed. C:\ProgramData\79bjm5me7g.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: michel
->Flash cache emptied: 9802 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: michel
->Temp folder emptied: 2798329 bytes
->Temporary Internet Files folder emptied: 38096127 bytes
->FireFox cache emptied: 421325651 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 447162 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 441,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01262012_165528

Files\Folders moved on Reboot...
File move failed. C:\Users\michel\79bjm5me7g.exe scheduled to be moved on reboot.
File move failed. C:\ProgramData\79bjm5me7g.exe scheduled to be moved on reboot.
C:\Users\michel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

michel_bo 26.01.2012 17:09

Uploading the thing worked too.

:pfeiff:

markusg 26.01.2012 17:10

Hi, did you carry out the restart into normal mode? Was the archive created after the restart, assuming the restart was successful, or before it? If that is the case, create the archive again and upload it.

michel_bo 26.01.2012 18:13

Well, if by archive you meant _OTL, then it was there after the restart into normal mode! And I had already uploaded it too! Should I do it again?

markusg 26.01.2012 18:19

No,
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

michel_bo 26.01.2012 18:59

Combofix Logfile:
Code:

ComboFix 12-01-26.01 - michel 26.01.2012  18:40:47.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4094.2877 [GMT 1:00]
ausgeführt von:: c:\users\michel\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-26 bis 2012-01-26  ))))))))))))))))))))))))))))))
.
.
2012-01-26 17:46 . 2012-01-26 17:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-26 17:02 . 2012-01-26 17:03        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 16:04 . 2012-01-26 16:04        --------        d-----w-        c:\program files\7-Zip
2012-01-26 15:55 . 2012-01-26 16:05        --------        d-----w-        C:\_OTL
2012-01-21 22:32 . 2012-01-21 22:32        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-21 22:32 . 2012-01-21 22:32        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-21 22:32 . 2012-01-21 22:32        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-21 22:32 . 2012-01-21 22:32        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-21 22:31 . 2012-01-21 20:14        33280        ----a-w-        c:\users\michel\79bjm5me7g.exe
2012-01-21 20:14 . 2012-01-21 20:14        33280        ----a-w-        c:\programdata\79bjm5me7g.exe
2012-01-17 10:22 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0894C120-62E5-435C-BC89-3D94CA5AAE24}\mpengine.dll
2012-01-17 10:21 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-17 10:21 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-17 10:21 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-17 10:21 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-17 10:21 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-17 10:21 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-17 10:20 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-17 10:20 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2011-12-31 20:27 . 2012-01-26 09:58        --------        d-----w-        c:\users\michel\AppData\Roaming\vlc
2011-12-28 19:24 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-28 19:24 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-28 19:23 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-28 19:23 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-28 19:23 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-28 19:23 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 23:47 . 2011-12-12 23:47        21840        ----a-w-        c:\windows\SysWow64\SIntfNT.dll
2011-12-12 23:47 . 2011-12-12 23:47        17212        ----a-w-        c:\windows\SysWow64\SIntf32.dll
2011-12-12 23:47 . 2011-12-12 23:47        12067        ----a-w-        c:\windows\SysWow64\SIntf16.dll
2011-12-12 21:08 . 2011-12-12 21:08        2829        ----a-w-        c:\windows\DIIUnin.pif
2011-12-12 21:08 . 2011-12-12 21:08        102400        ----a-w-        c:\windows\DIIUnin.exe
2011-11-15 13:29 . 2011-10-24 16:27        270720        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 135664]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - 1ed38b5879346219
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 15:04]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 15:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-08-06 828960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\
FF - prefs.js: browser.startup.homepage - www.google.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
Notify-yinghay - c:\windows\system32\config\systemprofile\AppData\Local\yinghay.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1ed38b5879346219]
"ImagePath"="\SystemRoot\System32\Drivers\1ed38b5879346219.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:52,82,c6,a3,82,92,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-26  18:57:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-26 17:57
.
Vor Suchlauf: 9 Verzeichnis(se), 255.128.588.288 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 254.938.046.464 Bytes frei
.
- - End Of File - - 30B20BF112D20054FD8F176F4CE5024E

--- --- ---

markusg 26.01.2012 19:04

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under "Log files".

michel_bo 26.01.2012 19:48

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
michel :: FLUFF [Administrator]

Schutz: Deaktiviert

26.01.2012 19:10:28
mbam-log-2012-01-26 (19-10-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354560
Laufzeit: 36 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\79bjm5me7g.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\michel\79bjm5me7g.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 26.01.2012 19:57

Very good.

Download the standard CCleaner:
CCleaner Download - CCleaner 3.14.1616
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.

michel_bo 26.01.2012 20:10

7-Zip 9.20 (x64 edition) Igor Pavlov 25.01.2012 4,53MB 9.20.00.0 notwendig
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 25.01.2012 6,00MB 11.1.102.55 notwendig
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 25.01.2012 6,00MB 11.1.102.55 notwendig
CCleaner Piriform 25.01.2012 3.14
Compatibility Pack für 2007 Office System Microsoft Corporation 07.01.2012 71,8MB 12.0.6425.1000
D2SE V2.2.0 Seltsamuel 11.12.2011 2.2.0 notwendig
Diablo II 11.12.2011 notwendig
Identity Card Packard Bell 23.08.2011 1.00.3001
Launch Manager Packard Bell 23.08.2011 3.0.03
Malwarebytes Anti-Malware Version 1.60.0.1800 Malwarebytes Corporation 25.01.2012 18,6MB 1.60.0.1800
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 27.08.2009 12.0.6425.1000
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 25.08.2011 12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 07.01.2012 13,8MB 12.0.6425.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 26.08.2009 8,37MB 2.9
Microsoft Silverlight Microsoft Corporation 19.10.2011 52,5MB 4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24.08.2011 1,72MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.08.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 25.08.2011 0,56MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.11.2011 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.08.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.08.2011 0,59MB 9.0.30729.6161
Microsoft Works Microsoft Corporation 25.08.2011 710MB 9.7.0621
Mozilla Firefox 9.0.1 (x86 de) Mozilla 20.01.2012 161,0MB 9.0.1 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.08.2011 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.08.2011 1,33MB 4.20.9876.0
NVIDIA Drivers NVIDIA Corporation 23.08.2011 1.5
Packard Bell InfoCentre Packard Bell 23.08.2011 3.02.3000
Packard Bell MyBackup NewTech Infosystems 26.08.2009 27,7MB 2.0.0.22
Packard Bell Power Management Packard Bell 26.08.2009 4.05.3002
Packard Bell Recovery Management Packard Bell 24.08.2011 4.05.3003
Packard Bell Registration Packard Bell 23.08.2011 1.02.3004
Packard Bell ScreenSaver Packard Bell Incorporated 23.08.2011 1.4.0730
Packard Bell Updater Packard Bell 26.08.2009 1.01.3014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.08.2011 6.0.1.5904
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 26.08.2009 6.1.7600.30102
Skype™ 5.5 Skype Technologies S.A. 03.11.2011 17,0MB 5.5.124 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 23.08.2011 13.2.2.0
Torchlight JoWooD 23.11.2011 455MB 1.0.0 notwendig
Video Web Camera SuYin 24.08.2011 0.5.11.1
VLC media player 1.1.11 VideoLAN 30.12.2011 1.1.11 notwendig
Welcome Center Packard Bell 23.08.2011 1.00.3005
Windows Live Anmelde-Assistent Microsoft Corporation 24.08.2011 1,94MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 24.08.2011 14.0.8064.0206
Windows Live Sync Microsoft Corporation 24.08.2011 2,80MB 14.0.8064.206
Windows Live-Uploadtool Microsoft Corporation 24.08.2011 0,22MB 14.0.8014.1029

Everything I didn't write anything after was already on it! Except the 2 from you.

markusg 26.01.2012 20:30

Very tidy and even well supplied with updates, exemplary.
Open CCleaner, analyze, clean.
Restart and test whether the PC and the programs run as desired.

michel_bo 26.01.2012 20:37

Yep, it's running again! The only remaining problem is that Avira, which I had taken off again in between and have now put back on as the last thing, still isn't running! That is, the real-time scanner isn't! Is there another free antivirus program that is decent?
And really, thanks a lot again so far!
:bussi:

markusg 26.01.2012 21:41

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- At the end, choose the action Skip and post the log

michel_bo 27.01.2012 00:21

00:12:54.0738 0664 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
00:12:54.0831 0664 ============================================================
00:12:54.0831 0664 Current date / time: 2012/01/27 00:12:54.0831
00:12:54.0831 0664 SystemInfo:
00:12:54.0831 0664
00:12:54.0831 0664 OS Version: 6.1.7601 ServicePack: 1.0
00:12:54.0831 0664 Product type: Workstation
00:12:54.0831 0664 ComputerName: FLUFF
00:12:54.0831 0664 UserName: michel
00:12:54.0831 0664 Windows directory: C:\Windows
00:12:54.0831 0664 System windows directory: C:\Windows
00:12:54.0831 0664 Running under WOW64
00:12:54.0831 0664 Processor architecture: Intel x64
00:12:54.0831 0664 Number of processors: 2
00:12:54.0831 0664 Page size: 0x1000
00:12:54.0831 0664 Boot type: Normal boot
00:12:54.0831 0664 ============================================================
00:12:58.0903 0664 !crdlk
00:12:58.0996 0664 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
00:12:59.0074 0664 Initialize success
00:13:52.0021 1536 ============================================================
00:13:52.0021 1536 Scan started
00:13:52.0021 1536 Mode: Manual; SigCheck; TDLFS;
00:13:52.0021 1536 ============================================================
00:13:57.0044 1536 BrSerWdm - detected LockedFile.Multi.Generic (1)
00:13:57.0075 1536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:13:57.0075 1536 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: b79968002c277e869cf38bd22cd61524
00:13:57.0091 1536 BrUsbMdm ( LockedFile.Multi.Generic ) - warning
00:13:57.0091 1536 BrUsbMdm - detected LockedFile.Multi.Generic (1)
00:13:57.0107 1536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:13:57.0107 1536 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: a87528880231c54e75ea7a44943b38bf
00:13:57.0107 1536 BrUsbSer ( LockedFile.Multi.Generic ) - warning
00:13:57.0107 1536 BrUsbSer - detected LockedFile.Multi.Generic (1)
00:13:57.0247 1536 BrUsbSIb (80082ad46578f0d3270d2e56d6433082) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
00:13:57.0247 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrUsbSIb.sys. md5: 80082ad46578f0d3270d2e56d6433082
00:13:57.0278 1536 BrUsbSIb ( LockedFile.Multi.Generic ) - warning
00:13:57.0278 1536 BrUsbSIb - detected LockedFile.Multi.Generic (1)
00:13:57.0387 1536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:13:57.0387 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9da669f11d1f894ab4eb69bf546a42e8
00:13:57.0403 1536 BTHMODEM ( LockedFile.Multi.Generic ) - warning
00:13:57.0403 1536 BTHMODEM - detected LockedFile.Multi.Generic (1)
00:13:57.0450 1536 catchme - ok
00:13:57.0559 1536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:13:57.0559 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: b8bd2bb284668c84865658c77574381a
00:13:57.0575 1536 cdfs ( LockedFile.Multi.Generic ) - warning
00:13:57.0590 1536 cdfs - detected LockedFile.Multi.Generic (1)
00:13:57.0699 1536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:13:57.0699 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\cdrom.sys. md5: f036ce71586e93d94dab220d7bdf4416
00:13:57.0731 1536 cdrom ( LockedFile.Multi.Generic ) - warning
00:13:57.0731 1536 cdrom - detected LockedFile.Multi.Generic (1)
00:13:57.0855 1536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:13:57.0855 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: d7cd5c4e1b71fa62050515314cfb52cf
00:13:57.0887 1536 circlass ( LockedFile.Multi.Generic ) - warning
00:13:57.0887 1536 circlass - detected LockedFile.Multi.Generic (1)
00:13:57.0996 1536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:13:57.0996 1536 Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: fe1ec06f2253f691fe36217c592a0206
00:13:58.0043 1536 CLFS ( LockedFile.Multi.Generic ) - warning
00:13:58.0043 1536 CLFS - detected LockedFile.Multi.Generic (1)
00:13:58.0183 1536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:13:58.0183 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155d0bddf1190f84a663c284bd33
00:13:58.0199 1536 CmBatt ( LockedFile.Multi.Generic ) - warning
00:13:58.0199 1536 CmBatt - detected LockedFile.Multi.Generic (1)
00:13:58.0339 1536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:13:58.0339 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\cmdide.sys. md5: e19d3f095812725d88f9001985b94edd
00:13:58.0355 1536 cmdide ( LockedFile.Multi.Generic ) - warning
00:13:58.0355 1536 cmdide - detected LockedFile.Multi.Generic (1)
00:13:58.0479 1536 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
00:13:58.0479 1536 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: d5fea92400f12412b3922087c09da6a5
00:13:58.0511 1536 CNG ( LockedFile.Multi.Generic ) - warning
00:13:58.0511 1536 CNG - detected LockedFile.Multi.Generic (1)
00:13:58.0620 1536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:13:58.0620 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102de219c3f61415f964c88e9085ad14
00:13:58.0651 1536 Compbatt ( LockedFile.Multi.Generic ) - warning
00:13:58.0651 1536 Compbatt - detected LockedFile.Multi.Generic (1)
00:13:58.0791 1536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:13:58.0791 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03edb043586cceba243d689bdda370a8
00:13:58.0807 1536 CompositeBus ( LockedFile.Multi.Generic ) - warning
00:13:58.0807 1536 CompositeBus - detected LockedFile.Multi.Generic (1)
00:13:58.0916 1536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:13:58.0916 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1c827878a998c18847245fe1f34ee597
00:13:58.0947 1536 crcdisk ( LockedFile.Multi.Generic ) - warning
00:13:58.0947 1536 crcdisk - detected LockedFile.Multi.Generic (1)
00:13:59.0103 1536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:13:59.0103 1536 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9bb2ef44eaa163b29c4a4587887a0fe4
00:13:59.0119 1536 DfsC ( LockedFile.Multi.Generic ) - warning
00:13:59.0119 1536 DfsC - detected LockedFile.Multi.Generic (1)
00:13:59.0166 1536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:13:59.0166 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096b05847ec78f0977f2c0f79e9ab3
00:13:59.0166 1536 discache ( LockedFile.Multi.Generic ) - warning
00:13:59.0166 1536 discache - detected LockedFile.Multi.Generic (1)
00:13:59.0322 1536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:13:59.0322 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819eee8b5ea3784ec4af3b137a5244c
00:13:59.0337 1536 Disk ( LockedFile.Multi.Generic ) - warning
00:13:59.0337 1536 Disk - detected LockedFile.Multi.Generic (1)
00:13:59.0447 1536 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
00:13:59.0447 1536 Suspicious file (NoAccess): C:\Windows\SysWOW64\Drivers\DKbFltr.sys. md5: d5bcb77be83cf99f508943945d46343d
00:13:59.0462 1536 DKbFltr ( LockedFile.Multi.Generic ) - warning
00:13:59.0462 1536 DKbFltr - detected LockedFile.Multi.Generic (1)
00:13:59.0634 1536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:13:59.0634 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9b19f34400d24df84c858a421c205754
00:13:59.0649 1536 drmkaud ( LockedFile.Multi.Generic ) - warning
00:13:59.0649 1536 drmkaud - detected LockedFile.Multi.Generic (1)
00:13:59.0774 1536 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:13:59.0774 1536 Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: f5bee30450e18e6b83a5012c100616fd
00:13:59.0790 1536 DXGKrnl ( LockedFile.Multi.Generic ) - warning
00:13:59.0790 1536 DXGKrnl - detected LockedFile.Multi.Generic (1)
00:13:59.0977 1536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:13:59.0977 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: dc5d737f51be844d8c82c695eb17372f
00:14:00.0008 1536 ebdrv ( LockedFile.Multi.Generic ) - warning
00:14:00.0008 1536 ebdrv - detected LockedFile.Multi.Generic (1)
00:14:00.0180 1536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:14:00.0180 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0e5da5369a0fcaea12456dd852545184
00:14:00.0195 1536 elxstor ( LockedFile.Multi.Generic ) - warning
00:14:00.0195 1536 elxstor - detected LockedFile.Multi.Generic (1)
00:14:00.0320 1536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:14:00.0320 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34a3c54752046e79a126e15c51db409b
00:14:00.0367 1536 ErrDev ( LockedFile.Multi.Generic ) - warning
00:14:00.0367 1536 ErrDev - detected LockedFile.Multi.Generic (1)
00:14:00.0523 1536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:14:00.0523 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: a510c654ec00c1e9bdd91eeb3a59823b
00:14:00.0554 1536 exfat ( LockedFile.Multi.Generic ) - warning
00:14:00.0554 1536 exfat - detected LockedFile.Multi.Generic (1)
00:14:00.0648 1536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:14:00.0648 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0adc83218b66a6db380c330836f3e36d
00:14:00.0663 1536 fastfat ( LockedFile.Multi.Generic ) - warning
00:14:00.0663 1536 fastfat - detected LockedFile.Multi.Generic (1)
00:14:00.0773 1536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:14:00.0773 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: d765d19cd8ef61f650c384f62fac00ab
00:14:00.0788 1536 fdc ( LockedFile.Multi.Generic ) - warning
00:14:00.0788 1536 fdc - detected LockedFile.Multi.Generic (1)
00:14:00.0929 1536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:14:00.0929 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661be46b5f5f3fd454e2c3095b930
00:14:00.0944 1536 FileInfo ( LockedFile.Multi.Generic ) - warning
00:14:00.0944 1536 FileInfo - detected LockedFile.Multi.Generic (1)
00:14:00.0975 1536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:14:00.0975 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5f671ab5bc87eea04ec38a6cd5962a47
00:14:00.0975 1536 Filetrace ( LockedFile.Multi.Generic ) - warning
00:14:00.0975 1536 Filetrace - detected LockedFile.Multi.Generic (1)
00:14:01.0085 1536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:14:01.0085 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: c172a0f53008eaeb8ea33fe10e177af5
00:14:01.0100 1536 flpydisk ( LockedFile.Multi.Generic ) - warning
00:14:01.0100 1536 flpydisk - detected LockedFile.Multi.Generic (1)
00:14:01.0147 1536 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:14:01.0147 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: da6b67270fd9db3697b20fce94950741
00:14:01.0147 1536 FltMgr ( LockedFile.Multi.Generic ) - warning
00:14:01.0147 1536 FltMgr - detected LockedFile.Multi.Generic (1)
00:14:01.0303 1536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:14:01.0303 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: d43703496149971890703b4b1b723eac
00:14:01.0319 1536 FsDepends ( LockedFile.Multi.Generic ) - warning
00:14:01.0319 1536 FsDepends - detected LockedFile.Multi.Generic (1)
00:14:01.0443 1536 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:14:01.0443 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: e95ef8547de20cf0603557c0cf7a9462
00:14:01.0459 1536 Fs_Rec ( LockedFile.Multi.Generic ) - warning
00:14:01.0459 1536 Fs_Rec - detected LockedFile.Multi.Generic (1)
00:14:01.0568 1536 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:14:01.0568 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1f7b25b858fa27015169fe95e54108ed
00:14:01.0584 1536 fvevol ( LockedFile.Multi.Generic ) - warning
00:14:01.0584 1536 fvevol - detected LockedFile.Multi.Generic (1)
00:14:01.0631 1536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:14:01.0631 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8c778d335c9d272cfd3298ab02abe3b6
00:14:01.0631 1536 gagp30kx ( LockedFile.Multi.Generic ) - warning
00:14:01.0631 1536 gagp30kx - detected LockedFile.Multi.Generic (1)
00:14:01.0802 1536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:14:01.0802 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: f2523ef6460fc42405b12248338ab2f0
00:14:01.0818 1536 hcw85cir ( LockedFile.Multi.Generic ) - warning
00:14:01.0818 1536 hcw85cir - detected LockedFile.Multi.Generic (1)
00:14:01.0958 1536 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:14:01.0958 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761c778e33cd22498059b91e7373a
00:14:01.0989 1536 HdAudAddService ( LockedFile.Multi.Generic ) - warning
00:14:01.0989 1536 HdAudAddService - detected LockedFile.Multi.Generic (1)
00:14:02.0114 1536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:14:02.0114 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97bfed39b6b79eb12cddbfeed51f56bb
00:14:02.0130 1536 HDAudBus ( LockedFile.Multi.Generic ) - warning
00:14:02.0130 1536 HDAudBus - detected LockedFile.Multi.Generic (1)
00:14:02.0239 1536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:14:02.0239 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78e86380454a7b10a5eb255dc44a355f
00:14:02.0286 1536 HidBatt ( LockedFile.Multi.Generic ) - warning
00:14:02.0286 1536 HidBatt - detected LockedFile.Multi.Generic (1)
00:14:02.0395 1536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:14:02.0395 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7fd2a313f7afe5c4dab14798c48dd104
00:14:02.0411 1536 HidBth ( LockedFile.Multi.Generic ) - warning
00:14:02.0411 1536 HidBth - detected LockedFile.Multi.Generic (1)
00:14:02.0442 1536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:14:02.0442 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0a77d29f311b88cfae3b13f9c1a73825
00:14:02.0473 1536 HidIr ( LockedFile.Multi.Generic ) - warning
00:14:02.0473 1536 HidIr - detected LockedFile.Multi.Generic (1)
00:14:02.0598 1536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:14:02.0598 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090a7e2b61cd582b612b6df70536
00:14:02.0629 1536 HidUsb ( LockedFile.Multi.Generic ) - warning
00:14:02.0629 1536 HidUsb - detected LockedFile.Multi.Generic (1)
00:14:02.0769 1536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:14:02.0769 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39d2abcd392f3d8a6dce7b60ae7b8efc
00:14:02.0785 1536 HpSAMD ( LockedFile.Multi.Generic ) - warning
00:14:02.0785 1536 HpSAMD - detected LockedFile.Multi.Generic (1)
00:14:02.0863 1536 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:14:02.0863 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0ea7de1acb728dd5a369fd742d6eee28
00:14:02.0894 1536 HTTP ( LockedFile.Multi.Generic ) - warning
00:14:02.0894 1536 HTTP - detected LockedFile.Multi.Generic (1)
00:14:03.0003 1536 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:14:03.0003 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: a5462bd6884960c9dc85ed49d34ff392
00:14:03.0019 1536 hwpolicy ( LockedFile.Multi.Generic ) - warning
00:14:03.0019 1536 hwpolicy - detected LockedFile.Multi.Generic (1)
00:14:03.0066 1536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:14:03.0066 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: fa55c73d4affa7ee23ac4be53b4592d3
00:14:03.0081 1536 i8042prt ( LockedFile.Multi.Generic ) - warning
00:14:03.0081 1536 i8042prt - detected LockedFile.Multi.Generic (1)
00:14:03.0206 1536 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
00:14:03.0206 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: 3df4395a7cf8b7a72a5f4606366b8c2d
00:14:03.0222 1536 iaStorV ( LockedFile.Multi.Generic ) - warning
00:14:03.0222 1536 iaStorV - detected LockedFile.Multi.Generic (1)
00:14:03.0347 1536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:14:03.0347 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5c18831c61933628f5bb0ea2675b9d21
00:14:03.0362 1536 iirsp ( LockedFile.Multi.Generic ) - warning
00:14:03.0362 1536 iirsp - detected LockedFile.Multi.Generic (1)
00:14:03.0534 1536 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
00:14:03.0534 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 0c3cf4b3bae28e121a1689e3538f8712
00:14:03.0581 1536 IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
00:14:03.0581 1536 IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
00:14:03.0690 1536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:14:03.0690 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: f00f20e70c6ec3aa366910083a0518aa
00:14:03.0705 1536 intelide ( LockedFile.Multi.Generic ) - warning
00:14:03.0705 1536 intelide - detected LockedFile.Multi.Generic (1)
00:14:03.0768 1536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:14:03.0768 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ada036632c664caa754079041cf1f8c1
00:14:03.0768 1536 intelppm ( LockedFile.Multi.Generic ) - warning
00:14:03.0768 1536 intelppm - detected LockedFile.Multi.Generic (1)
00:14:03.0908 1536 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:14:03.0908 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: c9f0e1bd74365a8771590e9008d22ab6
00:14:03.0924 1536 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
00:14:03.0924 1536 IpFilterDriver - detected LockedFile.Multi.Generic (1)
00:14:04.0049 1536 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:14:04.0049 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0fc1aea580957aa8817b8f305d18ca3a
00:14:04.0064 1536 IPMIDRV ( LockedFile.Multi.Generic ) - warning
00:14:04.0064 1536 IPMIDRV - detected LockedFile.Multi.Generic (1)
00:14:04.0111 1536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:14:04.0111 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: af9b39a7e7b6caa203b3862582e9f2d0
00:14:04.0111 1536 IPNAT ( LockedFile.Multi.Generic ) - warning
00:14:04.0111 1536 IPNAT - detected LockedFile.Multi.Generic (1)
00:14:04.0220 1536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:14:04.0220 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3abf5e7213eb28966d55d58b515d5ce9
00:14:04.0236 1536 IRENUM ( LockedFile.Multi.Generic ) - warning
00:14:04.0236 1536 IRENUM - detected LockedFile.Multi.Generic (1)
00:14:04.0345 1536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:14:04.0345 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2f7b28dc3e1183e5eb418df55c204f38
00:14:04.0376 1536 isapnp ( LockedFile.Multi.Generic ) - warning
00:14:04.0376 1536 isapnp - detected LockedFile.Multi.Generic (1)
00:14:04.0517 1536 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:14:04.0517 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: d931d7309deb2317035b07c9f9e6b0bd
00:14:04.0548 1536 iScsiPrt ( LockedFile.Multi.Generic ) - warning
00:14:04.0548 1536 iScsiPrt - detected LockedFile.Multi.Generic (1)
00:14:04.0657 1536 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
00:14:04.0657 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 08dd34f74d65e1c8f238565570952630
00:14:04.0688 1536 k57nd60a ( LockedFile.Multi.Generic ) - warning
00:14:04.0688 1536 k57nd60a - detected LockedFile.Multi.Generic (1)
00:14:04.0797 1536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:14:04.0797 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: bc02336f1cba7dcc7d1213bb588a68a5
00:14:04.0813 1536 kbdclass ( LockedFile.Multi.Generic ) - warning
00:14:04.0813 1536 kbdclass - detected LockedFile.Multi.Generic (1)
00:14:04.0844 1536 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:14:04.0844 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705eff5b42a9db58548eec3b26bb484
00:14:04.0860 1536 kbdhid ( LockedFile.Multi.Generic ) - warning
00:14:04.0860 1536 kbdhid - detected LockedFile.Multi.Generic (1)
00:14:04.0985 1536 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:14:04.0985 1536 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: ccd53b5bd33ce0c889e830d839c8b66e
00:14:05.0016 1536 KSecDD ( LockedFile.Multi.Generic ) - warning
00:14:05.0016 1536 KSecDD - detected LockedFile.Multi.Generic (1)
00:14:05.0109 1536 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:14:05.0109 1536 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 9ff918a261752c12639e8ad4208d2c2f
00:14:05.0141 1536 KSecPkg ( LockedFile.Multi.Generic ) - warning
00:14:05.0141 1536 KSecPkg - detected LockedFile.Multi.Generic (1)
00:14:05.0250 1536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:14:05.0250 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281e78cb31a43e969f06b57347c4
00:14:05.0281 1536 ksthunk ( LockedFile.Multi.Generic ) - warning
00:14:05.0281 1536 ksthunk - detected LockedFile.Multi.Generic (1)
00:14:05.0468 1536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:14:05.0468 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831cf8ad2979a04c423779465827
00:14:05.0499 1536 lltdio ( LockedFile.Multi.Generic ) - warning
00:14:05.0499 1536 lltdio - detected LockedFile.Multi.Generic (1)
00:14:05.0655 1536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:14:05.0655 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1a93e54eb0ece102495a51266dcdb6a6
00:14:05.0687 1536 LSI_FC ( LockedFile.Multi.Generic ) - warning
00:14:05.0687 1536 LSI_FC - detected LockedFile.Multi.Generic (1)
00:14:05.0780 1536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:14:05.0780 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184a9fdc8bdbff857175875ee810
00:14:05.0811 1536 LSI_SAS ( LockedFile.Multi.Generic ) - warning
00:14:05.0811 1536 LSI_SAS - detected LockedFile.Multi.Generic (1)
00:14:05.0905 1536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:14:05.0905 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30f5c0de1ee8b5bc9306c1f0e4a75f93
00:14:05.0921 1536 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
00:14:05.0921 1536 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
00:14:05.0936 1536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:14:05.0936 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504eacaff0d3c8aed161c4b0d369d4a
00:14:05.0952 1536 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
00:14:05.0952 1536 LSI_SCSI - detected LockedFile.Multi.Generic (1)
00:14:06.0061 1536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:14:06.0061 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43d0f98e1d56ccddb0d5254cff7b356e
00:14:06.0077 1536 luafv ( LockedFile.Multi.Generic ) - warning
00:14:06.0077 1536 luafv - detected LockedFile.Multi.Generic (1)
00:14:06.0217 1536 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
00:14:06.0264 1536 MBAMProtector - ok
00:14:06.0467 1536 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:14:06.0467 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mdmxsdk.sys. md5: e4f44ec214b3e381e1fc844a02926666
00:14:06.0498 1536 mdmxsdk ( LockedFile.Multi.Generic ) - warning
00:14:06.0498 1536 mdmxsdk - detected LockedFile.Multi.Generic (1)
00:14:06.0591 1536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:14:06.0591 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: a55805f747c6edb6a9080d7c633bd0f4
00:14:06.0623 1536 megasas ( LockedFile.Multi.Generic ) - warning
00:14:06.0623 1536 megasas - detected LockedFile.Multi.Generic (1)
00:14:06.0732 1536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:14:06.0732 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: baf74ce0072480c3b6b7c13b2a94d6b3
00:14:06.0747 1536 MegaSR ( LockedFile.Multi.Generic ) - warning
00:14:06.0747 1536 MegaSR - detected LockedFile.Multi.Generic (1)
00:14:06.0888 1536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:14:06.0888 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800ba92f7010378b09f9ed9270f07137
00:14:06.0903 1536 Modem ( LockedFile.Multi.Generic ) - warning
00:14:06.0903 1536 Modem - detected LockedFile.Multi.Generic (1)
00:14:06.0935 1536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:14:06.0935 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: b03d591dc7da45ece20b3b467e6aadaa
00:14:06.0950 1536 monitor ( LockedFile.Multi.Generic ) - warning
00:14:06.0950 1536 monitor - detected LockedFile.Multi.Generic (1)
00:14:07.0059 1536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:14:07.0059 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7d27ea49f3c1f687d357e77a470aea99
00:14:07.0091 1536 mouclass ( LockedFile.Multi.Generic ) - warning
00:14:07.0091 1536 mouclass - detected LockedFile.Multi.Generic (1)
00:14:07.0200 1536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:14:07.0200 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: d3bf052c40b0c4166d9fd86a4288c1e6
00:14:07.0231 1536 mouhid ( LockedFile.Multi.Generic ) - warning
00:14:07.0231 1536 mouhid - detected LockedFile.Multi.Generic (1)
00:14:07.0278 1536 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:14:07.0278 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32e7a3d591d671a6df2db515a5cbe0fa
00:14:07.0278 1536 mountmgr ( LockedFile.Multi.Generic ) - warning
00:14:07.0278 1536 mountmgr - detected LockedFile.Multi.Generic (1)
00:14:07.0403 1536 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:14:07.0403 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: a44b420d30bd56e145d6a2bc8768ec58
00:14:07.0418 1536 mpio ( LockedFile.Multi.Generic ) - warning
00:14:07.0418 1536 mpio - detected LockedFile.Multi.Generic (1)
00:14:22.0191 1536 tunnel ( LockedFile.Multi.Generic ) - warning
00:14:22.0191 1536 tunnel - detected LockedFile.Multi.Generic (1)
00:14:22.0301 1536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:14:22.0301 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: b4dd609bd7e282bfc683cec7eaaaad67
00:14:22.0316 1536 uagp35 ( LockedFile.Multi.Generic ) - warning
00:14:22.0316 1536 uagp35 - detected LockedFile.Multi.Generic (1)
00:14:22.0363 1536 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
00:14:22.0363 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\UBHelper.sys. md5: 2e22c1fd397a5a9ffef55e9d1fc96c00
00:14:22.0379 1536 UBHelper ( LockedFile.Multi.Generic ) - warning
00:14:22.0379 1536 UBHelper - detected LockedFile.Multi.Generic (1)
00:14:22.0488 1536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:14:22.0488 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: ff4232a1a64012baa1fd97c7b67df593
00:14:22.0503 1536 udfs ( LockedFile.Multi.Generic ) - warning
00:14:22.0503 1536 udfs - detected LockedFile.Multi.Generic (1)
00:14:22.0675 1536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:14:22.0675 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4bfe1bc28391222894cbf1e7d0e42320
00:14:22.0706 1536 uliagpkx ( LockedFile.Multi.Generic ) - warning
00:14:22.0706 1536 uliagpkx - detected LockedFile.Multi.Generic (1)
00:14:22.0815 1536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:14:22.0815 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: dc54a574663a895c8763af0fa1ff7561
00:14:22.0831 1536 umbus ( LockedFile.Multi.Generic ) - warning
00:14:22.0831 1536 umbus - detected LockedFile.Multi.Generic (1)
00:14:22.0878 1536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:14:22.0878 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: b2e8e8cb557b156da5493bbddcc1474d
00:14:22.0878 1536 UmPass ( LockedFile.Multi.Generic ) - warning
00:14:22.0878 1536 UmPass - detected LockedFile.Multi.Generic (1)
00:14:23.0003 1536 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
00:14:23.0003 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 481dff26b4dca8f4cbac1f7dce1d6829
00:14:23.0018 1536 usbccgp ( LockedFile.Multi.Generic ) - warning
00:14:23.0018 1536 usbccgp - detected LockedFile.Multi.Generic (1)
00:14:23.0065 1536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:14:23.0065 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: af0892a803fdda7492f595368e3b68e7
00:14:23.0081 1536 usbcir ( LockedFile.Multi.Generic ) - warning
00:14:23.0081 1536 usbcir - detected LockedFile.Multi.Generic (1)
00:14:23.0205 1536 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
00:14:23.0205 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: 74ee782b1d9c241efe425565854c661c
00:14:23.0221 1536 usbehci ( LockedFile.Multi.Generic ) - warning
00:14:23.0221 1536 usbehci - detected LockedFile.Multi.Generic (1)
00:14:23.0330 1536 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
00:14:23.0330 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbhub.sys. md5: dc96bd9ccb8403251bcf25047573558e
00:14:23.0361 1536 usbhub ( LockedFile.Multi.Generic ) - warning
00:14:23.0361 1536 usbhub - detected LockedFile.Multi.Generic (1)
00:14:23.0471 1536 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
00:14:23.0471 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 58e546bbaf87664fc57e0f6081e4f609
00:14:23.0486 1536 usbohci ( LockedFile.Multi.Generic ) - warning
00:14:23.0486 1536 usbohci - detected LockedFile.Multi.Generic (1)
00:14:23.0517 1536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:14:23.0517 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188f58fb384e75c4063d29413cee3d
00:14:23.0533 1536 usbprint ( LockedFile.Multi.Generic ) - warning
00:14:23.0533 1536 usbprint - detected LockedFile.Multi.Generic (1)
00:14:23.0658 1536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:14:23.0658 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: aaa2513c8aed8b54b189fd0c6b1634c0
00:14:23.0673 1536 usbscan ( LockedFile.Multi.Generic ) - warning
00:14:23.0673 1536 usbscan - detected LockedFile.Multi.Generic (1)
00:14:23.0783 1536 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:14:23.0783 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: d76510cfa0fc09023077f22c2f979d86
00:14:23.0798 1536 USBSTOR ( LockedFile.Multi.Generic ) - warning
00:14:23.0798 1536 USBSTOR - detected LockedFile.Multi.Generic (1)
00:14:23.0845 1536 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
00:14:23.0845 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 81fb2216d3a60d1284455d511797db3d
00:14:23.0861 1536 usbuhci ( LockedFile.Multi.Generic ) - warning
00:14:23.0861 1536 usbuhci - detected LockedFile.Multi.Generic (1)
00:14:23.0985 1536 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:14:23.0985 1536 Suspicious file (NoAccess): C:\Windows\System32\Drivers\usbvideo.sys. md5: 454800c2bc7f3927ce030141ee4f4c50
00:14:24.0017 1536 usbvideo ( LockedFile.Multi.Generic ) - warning
00:14:24.0017 1536 usbvideo - detected LockedFile.Multi.Generic (1)
00:14:24.0157 1536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:14:24.0157 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
00:14:24.0188 1536 vdrvroot ( LockedFile.Multi.Generic ) - warning
00:14:24.0188 1536 vdrvroot - detected LockedFile.Multi.Generic (1)
00:14:24.0329 1536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:14:24.0329 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
00:14:24.0375 1536 vga ( LockedFile.Multi.Generic ) - warning
00:14:24.0375 1536 vga - detected LockedFile.Multi.Generic (1)
00:14:24.0485 1536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:14:24.0485 1536 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
00:14:24.0500 1536 VgaSave ( LockedFile.Multi.Generic ) - warning
00:14:24.0500 1536 VgaSave - detected LockedFile.Multi.Generic (1)
00:14:24.0563 1536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:14:24.0563 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2ce2df28c83aeaf30084e1b1eb253cbb
00:14:24.0578 1536 vhdmp ( LockedFile.Multi.Generic ) - warning
00:14:24.0578 1536 vhdmp - detected LockedFile.Multi.Generic (1)
00:14:24.0734 1536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:14:24.0734 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
00:14:24.0750 1536 viaide ( LockedFile.Multi.Generic ) - warning
00:14:24.0750 1536 viaide - detected LockedFile.Multi.Generic (1)
00:14:24.0875 1536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:14:24.0875 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: d2aafd421940f640b407aefaaebd91b0
00:14:24.0890 1536 volmgr ( LockedFile.Multi.Generic ) - warning
00:14:24.0890 1536 volmgr - detected LockedFile.Multi.Generic (1)
00:14:24.0953 1536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:14:24.0953 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: a255814907c89be58b79ef2f189b843b
00:14:24.0953 1536 volmgrx ( LockedFile.Multi.Generic ) - warning
00:14:24.0953 1536 volmgrx - detected LockedFile.Multi.Generic (1)
00:14:25.0077 1536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:14:25.0077 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0d08d2f3b3ff84e433346669b5e0f639
00:14:25.0093 1536 volsnap ( LockedFile.Multi.Generic ) - warning
00:14:25.0093 1536 volsnap - detected LockedFile.Multi.Generic (1)
00:14:25.0140 1536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:14:25.0140 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
00:14:25.0155 1536 vsmraid ( LockedFile.Multi.Generic ) - warning
00:14:25.0155 1536 vsmraid - detected LockedFile.Multi.Generic (1)
00:14:25.0280 1536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:14:25.0280 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36d4720b72b5c5d9cb2b9c29e9df67a1
00:14:25.0296 1536 vwifibus ( LockedFile.Multi.Generic ) - warning
00:14:25.0311 1536 vwifibus - detected LockedFile.Multi.Generic (1)
00:14:25.0327 1536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:14:25.0327 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6a3d66263414ff0d6fa754c646612f3f
00:14:25.0327 1536 vwififlt ( LockedFile.Multi.Generic ) - warning
00:14:25.0327 1536 vwififlt - detected LockedFile.Multi.Generic (1)
00:14:25.0467 1536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:14:25.0467 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
00:14:25.0483 1536 WacomPen ( LockedFile.Multi.Generic ) - warning
00:14:25.0483 1536 WacomPen - detected LockedFile.Multi.Generic (1)
00:14:25.0608 1536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:14:25.0608 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
00:14:25.0623 1536 WANARP ( LockedFile.Multi.Generic ) - warning
00:14:25.0623 1536 WANARP - detected LockedFile.Multi.Generic (1)
00:14:25.0639 1536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:14:25.0639 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
00:14:25.0639 1536 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
00:14:25.0639 1536 Wanarpv6 - detected LockedFile.Multi.Generic (1)
00:14:25.0811 1536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:14:25.0811 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
00:14:25.0826 1536 Wd ( LockedFile.Multi.Generic ) - warning
00:14:25.0826 1536 Wd - detected LockedFile.Multi.Generic (1)
00:14:25.0873 1536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:14:25.0873 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
00:14:25.0889 1536 Wdf01000 ( LockedFile.Multi.Generic ) - warning
00:14:25.0889 1536 Wdf01000 - detected LockedFile.Multi.Generic (1)
00:14:26.0076 1536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:14:26.0076 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
00:14:26.0076 1536 WfpLwf ( LockedFile.Multi.Generic ) - warning
00:14:26.0076 1536 WfpLwf - detected LockedFile.Multi.Generic (1)
00:14:26.0123 1536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:14:26.0123 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
00:14:26.0123 1536 WIMMount ( LockedFile.Multi.Generic ) - warning
00:14:26.0123 1536 WIMMount - detected LockedFile.Multi.Generic (1)
00:14:26.0325 1536 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:14:26.0325 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: fe88b288356e7b47b74b13372add906d
00:14:26.0357 1536 WinUsb ( LockedFile.Multi.Generic ) - warning
00:14:26.0357 1536 WinUsb - detected LockedFile.Multi.Generic (1)
00:14:26.0497 1536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:14:26.0497 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
00:14:26.0513 1536 WmiAcpi ( LockedFile.Multi.Generic ) - warning
00:14:26.0513 1536 WmiAcpi - detected LockedFile.Multi.Generic (1)
00:14:26.0684 1536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:14:26.0684 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
00:14:26.0700 1536 ws2ifsl ( LockedFile.Multi.Generic ) - warning
00:14:26.0700 1536 ws2ifsl - detected LockedFile.Multi.Generic (1)
00:14:26.0793 1536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:14:26.0793 1536 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: d3381dc54c34d79b22cee0d65ba91b7c
00:14:26.0809 1536 WudfPf ( LockedFile.Multi.Generic ) - warning
00:14:26.0809 1536 WudfPf - detected LockedFile.Multi.Generic (1)
00:14:26.0918 1536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:14:26.0918 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: cf8d590be3373029d57af80914190682
00:14:26.0949 1536 WUDFRd ( LockedFile.Multi.Generic ) - warning
00:14:26.0949 1536 WUDFRd - detected LockedFile.Multi.Generic (1)
00:14:27.0105 1536 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
00:14:27.0105 1536 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\XAudio64.sys. md5: e8f3fa126a06f8e7088f63757112a186
00:14:27.0121 1536 XAudio ( LockedFile.Multi.Generic ) - warning
00:14:27.0121 1536 XAudio - detected LockedFile.Multi.Generic (1)
00:14:27.0168 1536 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
00:14:27.0168 1536 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
00:14:27.0168 1536 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
00:14:27.0230 1536 Boot (0x1200) (51bf488da6e587825f0dc8ee4b6a84bb) \Device\Harddisk0\DR0\Partition0
00:14:27.0230 1536 \Device\Harddisk0\DR0\Partition0 - ok
00:14:27.0246 1536 Boot (0x1200) (d040fce43fe78126e2ed27ca598e975f) \Device\Harddisk0\DR0\Partition1
00:14:27.0246 1536 \Device\Harddisk0\DR0\Partition1 - ok
00:14:27.0246 1536 ============================================================
00:14:27.0246 1536 Scan finished
00:14:27.0246 1536 ============================================================
continues in a moment

michel_bo 27.01.2012 00:22

00:14:27.0261 1432 Detected object count: 253
00:14:27.0261 1432 Actual detected object count: 253
00:15:17.0154 1432 1394ohci ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0154 1432 1394ohci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0154 1432 1ed38b5879346219 ( LockedService.Multi.Generic ) - skipped by user
00:15:17.0154 1432 1ed38b5879346219 ( LockedService.Multi.Generic ) - User select action: Skip
00:15:17.0154 1432 ACPI ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0154 1432 ACPI ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0154 1432 AcpiPmi ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0154 1432 AcpiPmi ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0154 1432 adp94xx ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0154 1432 adp94xx ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0154 1432 adpahci ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0154 1432 adpahci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0154 1432 adpu320 ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0154 1432 adpu320 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0170 1432 AFD ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0170 1432 AFD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0170 1432 agp440 ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0170 1432 agp440 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0170 1432 aliide ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0170 1432 aliide ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0186 1432 amdide ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0186 1432 amdide ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0201 1432 AmdK8 ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0201 1432 AmdK8 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0201 1432 AmdPPM ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0201 1432 AmdPPM ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0201 1432 amdsata ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0201 1432 amdsata ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0201 1432 amdsbs ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0201 1432 amdsbs ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0232 1432 amdxata ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0232 1432 amdxata ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0232 1432 AppID ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0232 1432 AppID ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0232 1432 arc ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0232 1432 arc ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0232 1432 arcsas ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0232 1432 arcsas ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0264 1432 AsyncMac ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0264 1432 AsyncMac ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0264 1432 atapi ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0264 1432 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0264 1432 atikmdag ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0264 1432 atikmdag ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0264 1432 b06bdrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0264 1432 b06bdrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0295 1432 b57nd60a ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0295 1432 b57nd60a ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0295 1432 BCM43XX ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0295 1432 BCM43XX ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0310 1432 Beep ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0310 1432 Beep ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0310 1432 blbdrive ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0310 1432 blbdrive ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0342 1432 bowser ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0342 1432 bowser ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0342 1432 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0342 1432 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0342 1432 BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0342 1432 BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0342 1432 BridgeMP ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0342 1432 BridgeMP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0373 1432 BrSerIb ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0373 1432 BrSerIb ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0373 1432 Brserid ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0373 1432 Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0373 1432 BrSerWdm ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0373 1432 BrSerWdm ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0373 1432 BrUsbMdm ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0373 1432 BrUsbMdm ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0388 1432 BrUsbSer ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0388 1432 BrUsbSer ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0388 1432 BrUsbSIb ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0404 1432 BrUsbSIb ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0404 1432 BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0404 1432 BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0404 1432 cdfs ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0404 1432 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0420 1432 cdrom ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0420 1432 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0420 1432 circlass ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0420 1432 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0420 1432 CLFS ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0420 1432 CLFS ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0420 1432 CmBatt ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0420 1432 CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0435 1432 cmdide ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0435 1432 cmdide ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0466 1432 CNG ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0466 1432 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0466 1432 Compbatt ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0466 1432 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0466 1432 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0466 1432 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0466 1432 crcdisk ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0466 1432 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0482 1432 DfsC ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0482 1432 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0498 1432 discache ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0498 1432 discache ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0498 1432 Disk ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0498 1432 Disk ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0498 1432 DKbFltr ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0498 1432 DKbFltr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0513 1432 drmkaud ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0513 1432 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0513 1432 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0513 1432 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0513 1432 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0513 1432 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0529 1432 elxstor ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0529 1432 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0544 1432 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0544 1432 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0544 1432 exfat ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0544 1432 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0544 1432 fastfat ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0544 1432 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0544 1432 fdc ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0544 1432 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0576 1432 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0576 1432 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0576 1432 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0576 1432 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0576 1432 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0576 1432 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0576 1432 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0576 1432 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0607 1432 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0607 1432 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0607 1432 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0607 1432 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0607 1432 fvevol ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0607 1432 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0607 1432 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0607 1432 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0638 1432 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0638 1432 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0638 1432 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0638 1432 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0638 1432 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0638 1432 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0638 1432 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0638 1432 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0669 1432 HidBth ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0669 1432 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0669 1432 HidIr ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0669 1432 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0669 1432 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0669 1432 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0669 1432 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0669 1432 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0685 1432 HTTP ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0685 1432 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0685 1432 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0685 1432 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0700 1432 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0700 1432 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0700 1432 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0700 1432 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0700 1432 iirsp ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0700 1432 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0716 1432 IntcAzAudAddService ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0716 1432 IntcAzAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0716 1432 intelide ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0716 1432 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0716 1432 intelppm ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0716 1432 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0732 1432 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0732 1432 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0747 1432 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0747 1432 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0747 1432 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0747 1432 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0747 1432 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0747 1432 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0747 1432 isapnp ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0747 1432 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0778 1432 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0778 1432 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0778 1432 k57nd60a ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0778 1432 k57nd60a ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0778 1432 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0778 1432 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0778 1432 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0778 1432 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0810 1432 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0810 1432 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0810 1432 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0810 1432 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0810 1432 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0810 1432 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0810 1432 lltdio ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0810 1432 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0841 1432 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0841 1432 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0841 1432 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0841 1432 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0841 1432 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0841 1432 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0841 1432 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0841 1432 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0856 1432 luafv ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0856 1432 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0872 1432 mdmxsdk ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0872 1432 mdmxsdk ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0872 1432 megasas ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0872 1432 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0872 1432 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0872 1432 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0888 1432 Modem ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0888 1432 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0888 1432 monitor ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0888 1432 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0903 1432 mouclass ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0903 1432 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0903 1432 mouhid ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0903 1432 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0919 1432 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0919 1432 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0919 1432 mpio ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0919 1432 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0919 1432 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0919 1432 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0919 1432 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0919 1432 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0950 1432 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0950 1432 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0950 1432 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0950 1432 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0966 1432 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0966 1432 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0966 1432 msahci ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0966 1432 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0966 1432 msdsm ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0966 1432 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0981 1432 Msfs ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0981 1432 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0981 1432 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0981 1432 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0981 1432 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0981 1432 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:17.0981 1432 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
00:15:17.0981 1432 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0012 1432 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0012 1432 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0012 1432 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0012 1432 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0012 1432 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0012 1432 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0012 1432 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0012 1432 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0044 1432 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0044 1432 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0044 1432 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0044 1432 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0044 1432 Mup ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0044 1432 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0044 1432 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0044 1432 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0059 1432 NDIS ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0059 1432 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0075 1432 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0075 1432 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0075 1432 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0075 1432 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0075 1432 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0075 1432 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0090 1432 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0090 1432 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0090 1432 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0090 1432 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0106 1432 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0106 1432 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0106 1432 NetBT ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0106 1432 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0122 1432 NETw5v64 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0122 1432 NETw5v64 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0122 1432 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0122 1432 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0122 1432 Npfs ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0122 1432 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0122 1432 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0122 1432 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0153 1432 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0153 1432 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0153 1432 NTIDrvr ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0153 1432 NTIDrvr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0153 1432 Null ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0153 1432 Null ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0153 1432 NVHDA ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0153 1432 NVHDA ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0168 1432 nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0168 1432 nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0184 1432 nvraid ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0184 1432 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0184 1432 nvstor ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0184 1432 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0184 1432 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0184 1432 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0200 1432 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0200 1432 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0200 1432 Parport ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0200 1432 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0215 1432 partmgr ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0215 1432 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0215 1432 pci ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0215 1432 pci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0215 1432 pciide ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0215 1432 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0231 1432 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0231 1432 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0231 1432 pcw ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0231 1432 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0231 1432 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0231 1432 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0246 1432 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0246 1432 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0262 1432 Processor ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0262 1432 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0262 1432 Psched ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0262 1432 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0262 1432 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0262 1432 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0262 1432 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0262 1432 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0278 1432 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0278 1432 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0293 1432 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0293 1432 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0293 1432 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0293 1432 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0293 1432 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0293 1432 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0309 1432 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0309 1432 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0309 1432 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0309 1432 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0324 1432 rdbss ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0324 1432 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0324 1432 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0324 1432 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0340 1432 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0340 1432 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0340 1432 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0340 1432 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0356 1432 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0356 1432 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0356 1432 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0356 1432 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 rspndr ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 RSUSBSTOR ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 RSUSBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 RTHDMIAzAudService ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 scfilter ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0402 1432 secdrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0402 1432 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 Serenum ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 Serial ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 sermouse ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0418 1432 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0418 1432 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 Smb ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 spldr ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 srv ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 srv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 srv2 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 SrvHsfHDA ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 SrvHsfHDA ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 SrvHsfV92 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 SrvHsfV92 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 SrvHsfWinac ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 SrvHsfWinac ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0434 1432 srvnet ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0434 1432 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 stexstor ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 swenum ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 SynTP ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 SynTP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0449 1432 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0449 1432 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 tdx ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 TermDD ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 tunnel ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 UBHelper ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 UBHelper ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0465 1432 udfs ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0465 1432 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 umbus ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 UmPass ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 usbcir ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 usbehci ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 usbhub ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 usbohci ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0480 1432 usbprint ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0480 1432 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 usbscan ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 usbvideo ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 vga ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 vga ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0496 1432 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0496 1432 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 viaide ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 volmgr ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 volsnap ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0512 1432 WANARP ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0512 1432 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 Wd ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0527 1432 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0527 1432 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0543 1432 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0543 1432 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0543 1432 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0543 1432 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0543 1432 XAudio ( LockedFile.Multi.Generic ) - skipped by user
00:15:18.0543 1432 XAudio ( LockedFile.Multi.Generic ) - User select action: Skip
00:15:18.0543 1432 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - skipped by user
00:15:18.0543 1432 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Skip


I hope that is what you wanted!? I'm off to bed now, see you later! And :dankeschoen: again

markusg 27.01.2012 12:04

To be on the safe side, I'd like to see one more scan:
http://www.trojaner-board.de/99424-c...o-scannen.html
Download Hitman Pro, double-click it, go to Settings, License, and choose the trial license there.
Then scan, put the findings in quarantine, export the XML at the end and attach it.

michel_bo 27.01.2012 17:16

Hi there, and on we go already, I think that's great
:singsing:

<?xml version="1.0"?>
<Log filesProcessed="2908" timeSpentInSecs="45" reboot="yes" date="2012-01-27T17:12:53" version="3.6.0.138" scan="Quick" computer="FLUFF">
  <Item status="PendingDelete" score="35.0" type="Suspicious">
    <File hash="EF7DEEEAF848B0083E17B672CBC5C01C4063CFBF3DA319A85EAD9E215378A62F" path="C:\Windows\System32\Drivers\1ed38b5879346219.sys"/>
    <Startup>
      <Key path="HKLM\SYSTEM\ControlSet001\Services\1ed38b5879346219"/>
    </Startup>
  </Item>
</Log>

michel_bo 27.01.2012 17:35

This is what comes out when I run the other scan

<?xml version="1.0"?>
<Log filesProcessed="9093" timeSpentInSecs="157" date="2012-01-27T17:29:30" version="3.6.0.138" scan="Normal" computer="FLUFF">
  <Item status="RepairFailed" score="0.0" type="Repair">
    <File path="BCD00000000\Objects\{10cd1ef8-ced1-11e0-a427-b7beac480fbb}\Elements\16000049"/>
  </Item>
  <Item status="Deleted" score="0.0" type="Repair">
    <File path="C:\Users\michel\AppData\Roaming\Microsoft\Windows\Cookies\TT39IM64.txt"/>
  </Item>
  <Item status="Deleted" score="0.0" type="Repair">
    <File path="C:\Users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\cookies.sqlite:kaspersky.122.2o7.net"/>
  </Item>
  <Item status="None" score="103.0" type="Malware" malwareName="Malware">
    <Scanners>
      <Scanner name="Infected" id="DrWeb"/>
    </Scanners>
    <File path="C:\Users\michel\Downloads\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe" hash="85B4736F2AF78903D414BD1278E96DDAC6EE60F046DE436870B7A2FE6739E000"/>
  </Item>
  <Item status="None" score="35.0" type="Suspicious">
    <File path="C:\Windows\System32\Drivers\1ed38b5879346219.sys" hash="EF7DEEEAF848B0083E17B672CBC5C01C4063CFBF3DA319A85EAD9E215378A62F"/>
    <Startup>
      <Key path="HKLM\SYSTEM\ControlSet001\Services\1ed38b5879346219"/>
    </Startup>
  </Item>
</Log>

markusg 27.01.2012 20:27

Is this file still present:
C:\Windows\System32\Drivers\1ed38b5879346219.sys
If so,
Trojaner-Board Upload Channel
please upload it and let me know when that is done.

michel_bo 27.01.2012 22:10

Well, when I search for the thing on my computer, it shows me just fine where it is! But when I drag it over from there into the channel, I can't upload it! (By the way, it is also shown twice, but the file path is the same!)
And when I search for it with the channel, it isn't shown to me! So the upload isn't going to work either!
What do we do now?
:party:

markusg 28.01.2012 12:44

What do you mean by dragging it over? With the mouse into the input field, that doesn't work.
Copy this into the file name field in the upload channel:
C:\Windows\System32\Drivers\1ed38b5879346219.sys
That's where it should be, and then upload it.

michel_bo 28.01.2012 14:18

I am not authorized to open this file!
That is the short version of what comes up then!

markusg 28.01.2012 15:42

I don't need a short version, I need a proper error message.
How does it look in Safe Mode with Networking? Or rather, can you right-click the file, copy it, paste it on the desktop and then upload it?

michel_bo 28.01.2012 16:40

Error message:

sie verfügen nicht über die berechtigung,diese datei zu öffnen!

Wenden sie sich an den besitzer dieser datei oder an einen administrator, um diese Berechtigung zu erhalten!


So, that is the exact wording! I can neither move nor delete this file! I can only create a shortcut on the desktop, nothing more works

markusg 28.01.2012 16:41

How does it look in Safe Mode, if you log in as admin, can you manage a copy there?

michel_bo 28.01.2012 16:44

I had already tested that mode too, but what do you mean by logging in as admin? I am the only user of the computer! And there are no guests...
Or what do you mean

markusg 28.01.2012 16:51

If you have already deleted ComboFix, download it again.
Then:

Open Start, Programs, Accessories, Notepad.
Copy this in:

killall::
Rootkit::
C:\Windows\System32\Drivers\1ed38b5879346219.sys

File, Save As; location: wherever combofix.exe is; file type: All Files; name:
cfscript.txt
Drag cfscript onto ComboFix, the program starts; post the log.

michel_bo 28.01.2012 17:30

Combofix Logfile:
Code:

ComboFix 12-01-28.01 - michel 28.01.2012  17:07:07.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4094.2740 [GMT 1:00]
ausgeführt von:: c:\users\michel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\michel\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_1ed38b5879346219
-------\Service_1ed38b5879346219
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-28 bis 2012-01-28  ))))))))))))))))))))))))))))))
.
.
2012-01-28 16:13 . 2012-01-28 16:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-27 22:25 . 2012-01-27 22:25        --------        d-----w-        c:\users\michel\AppData\Roaming\Avira
2012-01-27 22:19 . 2011-12-15 14:00        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-01-27 22:19 . 2011-12-15 13:59        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-01-27 22:19 . 2011-12-15 13:59        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-27 22:19 . 2012-01-27 22:19        --------        d-----w-        c:\programdata\Avira
2012-01-27 16:12 . 2012-01-28 14:19        25160        ----a-w-        c:\windows\system32\drivers\hitmanpro36.sys
2012-01-27 16:08 . 2012-01-27 16:11        --------        d-----w-        c:\program files\HitmanPro
2012-01-27 16:08 . 2012-01-27 16:14        --------        d-----w-        c:\programdata\HitmanPro
2012-01-27 16:07 . 2012-01-27 16:07        --------        d-----w-        c:\programdata\Hitman Pro
2012-01-26 19:19 . 2012-01-26 19:19        --------        d-----w-        c:\program files (x86)\Avira
2012-01-26 18:59 . 2012-01-26 18:59        --------        d-----w-        c:\program files\CCleaner
2012-01-26 18:08 . 2012-01-26 18:08        --------        d-----w-        c:\users\michel\AppData\Roaming\Malwarebytes
2012-01-26 18:08 . 2012-01-26 18:08        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-26 18:08 . 2012-01-26 18:08        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-26 18:08 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-26 17:02 . 2012-01-26 17:03        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 16:04 . 2012-01-26 16:04        --------        d-----w-        c:\program files\7-Zip
2012-01-26 15:55 . 2012-01-26 16:05        --------        d-----w-        C:\_OTL
2012-01-21 22:32 . 2012-01-21 22:32        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-21 22:32 . 2012-01-21 22:32        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-21 22:32 . 2012-01-21 22:32        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-21 22:32 . 2012-01-21 22:32        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-17 10:22 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0894C120-62E5-435C-BC89-3D94CA5AAE24}\mpengine.dll
2012-01-17 10:21 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll
2012-01-17 10:21 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-17 10:21 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-01-17 10:21 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll
2012-01-17 10:21 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-17 10:21 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2012-01-17 10:20 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-01-17 10:20 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2011-12-31 20:27 . 2012-01-26 09:58        --------        d-----w-        c:\users\michel\AppData\Roaming\vlc
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 23:47 . 2011-12-12 23:47        21840        ----a-w-        c:\windows\SysWow64\SIntfNT.dll
2011-12-12 23:47 . 2011-12-12 23:47        17212        ----a-w-        c:\windows\SysWow64\SIntf32.dll
2011-12-12 23:47 . 2011-12-12 23:47        12067        ----a-w-        c:\windows\SysWow64\SIntf16.dll
2011-12-12 21:08 . 2011-12-12 21:08        2829        ----a-w-        c:\windows\DIIUnin.pif
2011-12-12 21:08 . 2011-12-12 21:08        102400        ----a-w-        c:\windows\DIIUnin.exe
2011-11-24 04:52 . 2011-12-28 19:23        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-10-24 16:27        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-28 19:24        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-28 19:24        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-28 19:26        2309120        ----a-w-        c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-28 19:26        1390080        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-28 19:26        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-28 19:26        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-28 19:26        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-28 19:26        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-28 19:26        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-28 19:26        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-26_17.48.25  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-19 22:03 . 2011-02-19 22:03        51024              c:\windows\SysWOW64\vcomp100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        81744              c:\windows\SysWOW64\mfcm100u.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        81744              c:\windows\SysWOW64\mfcm100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        60752              c:\windows\SysWOW64\mfc100rus.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        43344              c:\windows\SysWOW64\mfc100kor.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        43856              c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        62288              c:\windows\SysWOW64\mfc100ita.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        64336              c:\windows\SysWOW64\mfc100fra.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        63824              c:\windows\SysWOW64\mfc100esn.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        55120              c:\windows\SysWOW64\mfc100enu.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        64336              c:\windows\SysWOW64\mfc100deu.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        36176              c:\windows\SysWOW64\mfc100cht.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        36176              c:\windows\SysWOW64\mfc100chs.dll
- 2011-08-25 14:55 . 2012-01-26 17:35        98304              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-08-25 14:55 . 2012-01-28 14:59        98304              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-28 16:14 . 2012-01-28 16:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-26 17:47 . 2012-01-26 17:47        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-28 16:14 . 2012-01-28 16:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-26 17:47 . 2012-01-26 17:47        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-18 23:40 . 2011-02-18 23:40        773968              c:\windows\SysWOW64\msvcr100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        421200              c:\windows\SysWOW64\msvcp100.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        138056              c:\windows\SysWOW64\atl100.dll
+ 2009-07-14 05:01 . 2012-01-28 16:13        311732              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-26 17:46        311732              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-19 22:08 . 2011-02-19 22:08        163840              c:\windows\Installer\1bfaa.msi
+ 2011-02-19 22:03 . 2011-02-19 22:03        4422992              c:\windows\SysWOW64\mfc100u.dll
+ 2011-02-19 22:03 . 2011-02-19 22:03        4397384              c:\windows\SysWOW64\mfc100.dll
- 2009-07-14 04:54 . 2012-01-26 17:35        1343488              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-28 14:59        1343488              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-26 17:35        3932160              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-28 14:59        3932160              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-26 17:01 . 2012-01-28 16:13        2004124              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4052826560-2321842712-3223092188-1000-12288.dat
- 2009-07-14 04:54 . 2012-01-26 17:35        16187392              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-28 14:59        16187392              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-30 17:30 . 2012-01-28 16:13        11233576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yinghay]
c:\windows\system32\config\systemprofile\AppData\Local\yinghay.dll [BU]
.
3;2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 135664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 1ED38B5879346219
*Deregistered* - 1ed38b5879346219
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 15:04]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 15:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-08-06 828960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF32660.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.us.b00kmarks.com/landing_t.php?guid={9B473226-D4BF-4F6E-AA12-FAA7802E0093}
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360811q015l03h4z195f48l2t452
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\0vswzgmp.default\
FF - prefs.js: browser.startup.homepage - www.google.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1ed38b5879346219]
"ImagePath"="\SystemRoot\System32\Drivers\1ed38b5879346219.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:52,82,c6,a3,82,92,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-28  17:24:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-28 16:24
ComboFix2.txt  2012-01-26 17:57
.
Vor Suchlauf: 14 Verzeichnis(se), 254.217.605.120 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 253.578.125.312 Bytes frei
.
- - End Of File - - 31B118F5D1A4D8A4B2FD2E49801C0552

--- --- ---

markusg 28.01.2012 17:36

Now open C:\Qoobox, right-click Quarantine, pack it with WinRAR, zip or another archiving program, and upload the archive in the upload channel.

michel_bo 28.01.2012 17:44

I uploaded something! I hope it was the right thing.

markusg 28.01.2012 17:46

It is.
Restart and see how the system runs.

michel_bo 28.01.2012 17:56

Like new, nice and fast and so on, but Avira's real-time scanner still isn't running.

markusg 28.01.2012 17:57

Have you already uninstalled and reinstalled Avira?
After uninstalling, restart, use the registry cleaner, restart, and install Avira:
Avira RegistryCleaner - Download

michel_bo 28.01.2012 18:21

Delete the keys it reads out?

markusg 28.01.2012 18:26

Exactly.
Those are leftovers.

michel_bo 28.01.2012 19:30

So I did everything as told! But Avira still isn't running! I mean the real-time scanner :killpc:

And now?

Thanks a lot for your patience.

markusg 30.01.2012 13:30

Then we should set the machine up completely from scratch and then secure it.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something more about securing online banking with a chip card reader + Star Money.

michel_bo 30.01.2012 20:25

So I already did the whole reinstall thing once last year! But I didn't think it was all that good! It was a pre-built computer!
I have a question about that right away! Would I have to buy a Windows now if I no longer want to do it the way the pre-built computer does it all by itself?
:headbang:

markusg 30.01.2012 20:42

Yes, you probably would have to.

michel_bo 30.01.2012 20:53

Would that have advantages over that kind of pre-built stuff? Or doesn't it matter in my case! I only use the computer to play D2 and for a bit of internet! So nothing earth-shattering...

markusg 31.01.2012 17:14

Hi, well, you still need a working system. What if, for example, because you can't use any anti-malware software, someone slips you a trojan and uses your PC for crimes?
A normal Windows CD has the advantage that no additional programs are installed, which often come with pre-installed systems.

michel_bo 01.02.2012 10:35

So I've now got hold of a Windows CD, a genuine one with everything that goes with it! When I do it as described in the guide, it tells me that a file cannot be deleted or is defective:
c:/swindows.(then there's a strange wave that I don't know how to type)BT

markusg 01.02.2012 11:58

How are you formatting, from within the running Windows?

michel_bo 01.02.2012 12:22

That's what I tried first! Then I booted from the CD and now I don't know what to do any more! Nothing works! Something about this file keeps coming up!

markusg 01.02.2012 12:25

You booted from CD; did that work, did the Windows setup start right away?

michel_bo 01.02.2012 12:37

Yes, but then it says: (I wrote it down)

The title bar at the top says:

setub.exe- datei beschädigt

Then comes:

die datei oder das verzeichnis D:\$windows.(besagte welle) BT ist beschädigt und nicht lesbar.Führen sie CHKDSK aus

Now I don't know what to do next.

markusg 01.02.2012 12:42

Then you're certainly not in the Windows installation.
Check whether the following is set on your machine:
http://www.trojaner-board.de/81857-c...cd-booten.html

michel_bo 01.02.2012 12:51

Yes, I have! Before booting it even says: press any key if you want to boot from CD, and then the drive starts up and I get as far as the question update or custom installation; then it also warns me that if I do it this way the old Windows can no longer be used! Then I say that's OK, and that's when the error message appears.

markusg 01.02.2012 13:24

So you choose custom, then go on to the partition selection and click format there?
I just want to make sure you're doing it right.

michel_bo 01.02.2012 13:41

Right, and three of them are shown there, and the one with the old Windows on it is preselected, and that's where the new one is supposed to go again.

markusg 01.02.2012 16:11

Can you list for me all the partitions there that you can select?

michel_bo 01.02.2012 16:51

OK, here goes!

name size free space
Disk 0 Partition 1:PQSERVICE 12GB 3,1 OEM(reserved)
Disk 0 Partition 2:System resr 101MB 72MB System
Disk 0 Partition 3:Packard Bell 286GB 235,9 GB Primary

Those are the three, and the last one is always already selected! And I forgot the name of the 4th column!

markusg 01.02.2012 16:56

Then I don't know either; first try the Packard Bell recovery and then the formatting with the Windows CD.

michel_bo 01.02.2012 17:23

I've already tried that too, but that doesn't work either; then it tells me something like that about this file too, blah blah.

michel_bo 01.02.2012 17:31

Question: can't you format or zero the hard disk in the BIOS and then put a new Windows on it? :wtf:

markusg 01.02.2012 17:51

Download | Ubuntu
Download the Ubuntu live CD, burn it and start it in try-out mode; then you should be able to format the disk,
namely in NTFS format.
GParted

michel_bo 02.02.2012 16:43

Hello first of all! I've now got the Linux/Ubuntu thing on it for the time being! Windows is gone! So far I find it quite pleasant! But I do have one more question! Do Diablo 2 and the mods run on this operating system? For the mods there's surely something, but for D2?

:dankeschoen: once again

markusg 02.02.2012 16:47

No, you were really only supposed to use Ubuntu to format the disk, which should work from the live CD, and then install Windows again.
Unfortunately the games don't work there :-(

michel_bo 02.02.2012 17:25

Damn! But now it's already on there, and the disks, at least that's what it said, are formatted! So if I boot from CD again now, can I put the new Windows on?

markusg 02.02.2012 17:30

Just try whether it can be formatted from CD. I did say that you should burn the Linux CD in order to format; the links were there for that too.

michel_bo 02.02.2012 17:36

Yes, I read through all of them! So I'll try that now!

michel_bo 02.02.2012 19:50

So, here I am again, on Windows 7, and everything is running so far, and a friend recommended GData to me! Test it first and then we'll see! Now a few more tips from you???!

michel_bo 02.02.2012 19:57

Only my graphics card doesn't want to work yet.

markusg 02.02.2012 19:58

I wouldn't go with GData.
1. It eats up relatively many resources.
2. The signature detection is OK, but the behavior analysis is nothing to write home about.
Since there are more and more trojans these days, behavior analysis is what matters.
That's why I advise you to go with Emsisoft.
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware

And you can make use of the 30-day trial period before activating the license.

Free, but just not quite as good, Avast would be the recommendation.
http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I'll give configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I'm aware of that, but it should be carried out, since only then is your PC secure. Ask as many questions as necessary; I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage Windows Vista and Windows 7.
Please begin by installing Windows updates.
The best way to do this is to go via Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If this is the case, you have to open Windows Update again via Start, Search, click Check for updates, and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as it reads in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
https://www.google.com/chrome?hl=de
If you want to use a different one, tell me, then parts of the guide that now follows I will have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
http://filepony.de/download-sandboxie/
Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may have already seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser" or right-click, start in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
Create a Windows 7 system image (backup)
Unfortunately this is only sensibly usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk breaks one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Make programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking on Sandboxed web browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should be framed; then you are in the sandboxed web browser.

michel_bo 02.02.2012 20:41

Data Execution Prevention, DEP

I don't quite get that yet! Which applications are supposed to go in there if the lower option is "ticked"? :wtf:

markusg 02.02.2012 20:46

In 99% of all cases, none.
Unless DEP blocks a legitimate application at some point in the future.
But that almost never happens.

michel_bo 02.02.2012 22:27

And I don't like the thing with autorun! Do I then have to look for my external hard disk via Device Manager every time?

markusg 03.02.2012 11:36

No, isn't it shown in My Computer?

michel_bo 03.02.2012 12:21

Yes, it's still shown, but I also haven't changed the regedit yet! Should I still do that?

Oh, and one more thing! Is there an ad blocker for Chrome too, like for FF?

markusg 03.02.2012 12:53

Hi, had you already changed anything in the autorun functions? It would be enough to enter, under Start, Run,
services.msc
Enter
and to switch off Shell Hardware Detection there.
Right-click, Properties, disable it there.
Then restart.
The disks and the CD and DVD drives are still shown in My Computer anyway, and you can also create desktop shortcuts.
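
The settings named in the posts above (automatic daily Windows Update, DEP, Shell Hardware Detection switched off) can be read back after the rebuild. This PowerShell audit is an added example, not part of the thread; it assumes Windows 7 with Windows PowerShell 2.0 or later, its function names are made up for the example, and treating OptOut or AlwaysOn as the expected DEP mode is an assumption based on the dialog michel_bo describes.

```powershell
# Added example: read-only audit of three settings named in the thread.
# Targets Windows 7 with Windows PowerShell 2.0 or later; it changes nothing.
# Function names are hypothetical, chosen for this example.

function New-CheckResult($Check, $Value, $Passed) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Passed = $Passed }
}

function Test-AutomaticUpdates {
    # Windows Update Agent COM API.
    # NotificationLevel 4 = install updates automatically (scheduled),
    # ScheduledInstallationDay 0 = every day.
    try {
        $s = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
        $value = "level=$($s.NotificationLevel) day=$($s.ScheduledInstallationDay) hour=$($s.ScheduledInstallationTime)"
        $ok = ($s.NotificationLevel -eq 4) -and ($s.ScheduledInstallationDay -eq 0)
    } catch {
        $value = "query failed: $($_.Exception.Message)"
        $ok = $false
    }
    New-CheckResult 'Windows Update automatic and daily' $value $ok
}

function Test-DepPolicy {
    # Win32_OperatingSystem reports the system-wide DEP policy as a number.
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int](Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    $name = $names[$policy]
    # Assumption: the dialog option that offers an exception list is OptOut (3).
    $ok = ($policy -eq 1) -or ($policy -eq 3)
    New-CheckResult 'DEP covers all programs' $name $ok
}

function Test-ShellHardwareDetection {
    # ShellHWDetection is the service name behind "Shell Hardware Detection",
    # the service the post switches off to stop autorun/autoplay prompts.
    $svc = Get-WmiObject Win32_Service -Filter "Name='ShellHWDetection'"
    if (-not $svc) {
        return New-CheckResult 'Shell Hardware Detection disabled' 'service not found' $false
    }
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
    New-CheckResult 'Shell Hardware Detection disabled' "$($svc.StartMode)/$($svc.State)" $ok
}

# Run all three checks and print one row per setting.
@(Test-AutomaticUpdates; Test-DepPolicy; Test-ShellHardwareDetection) |
    Select-Object Check, Value, Passed |
    Format-Table -AutoSize
```

A row with Passed = False only means the setting differs from what the posts recommend; the script does not change it.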

michel_bo 07.02.2012 12:05

Hey, here I am again! Now after a few days I can say what isn't running quite right yet: in the account where you're not logged in as admin, the program with the donkey head doesn't run.
And Windows doesn't activate/register itself!
That's all I have on my mind for now. Everything else works great.

markusg 07.02.2012 12:10

Hi, if by that you mean your file-sharing software, I won't help you with that, since in 99% of all cases it's used to illegally download films, music etc. anyway and I don't support that. Pay for what you want to have; you surely want to be paid for your work in the future too.
What problems are there with the Windows registration? Have you called the Microsoft hotline yet? They should possibly be able to help you there too.
Regarding Chrome:
Adblock for Chrome:
http://filepony.de/download-adblock_chrome/
Ad blocker.
Configure Chrome:
Safe surfing with Google Chrome | Verbraucher sicher online

michel_bo 07.02.2012 12:22

I meant FileHippo, nothing to do with file sharing and that kind of rubbish! No, I haven't called MS yet! I'll do that this afternoon!

markusg 07.02.2012 12:33

Ah, sorry :-)
Is there an error message?

michel_bo 07.02.2012 13:31

No, but I've now simply installed it again on this account and now it runs here too.

markusg 07.02.2012 16:00

Yes, that's fine too :-)

michel_bo 07.02.2012 17:30

One thing is still missing! Before the reinstall I had sound Room! I don't have that anymore, but I'd like to have it back!

markusg 07.02.2012 17:33

Hmm, unfortunately I don't know that one; in a quick search just now I only found something for Mac. Had you downloaded it or was it preinstalled?

michel_bo 07.02.2012 17:40

It was preinstalled!

markusg 07.02.2012 17:47

Are there any other CDs for the PC? Often a driver and support CD with various programs is included.

michel_bo 07.02.2012 17:55

I don't think anything came with it! I'll check again! But probably not!
Open it up and have fun was the order of the day back then!

markusg 07.02.2012 19:16

Hmm, what was the program good for?

michel_bo 07.02.2012 20:42

With it I could adjust the bass in the system and a few other nice things: where the speakers are, how big they are and what kind of room it is! It was very pleasant when watching films. You only had to set the whole thing up once for the PC and that was it.

markusg 07.02.2012 21:15

Hmm
If it's preinstalled, maybe it's available from the manufacturer or from the manufacturer of the sound card.

michel_bo 08.02.2012 15:43

1. How do I find out what my sound card is?
2. The activation has worked now, but with the old product key from the laptop. Why is that?
3. I haven't looked at the manufacturer's site yet, but I will. :aufsmaul:

markusg 08.02.2012 15:46

1. Either look in the purchase documents, or create a short report with Everest Home.
http://filepony.de/download-everest_home/
It's listed in there.
2. I can't answer that, sorry!
Maybe ask Microsoft.

