|
Log-Analyse und Auswertung: system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/verstecktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.11.2011, 15:23 | #1 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Hey, erst einmal muss ich sagen, dass ich nicht wirklich viel Ahnung von Computern habe und werde aber versuchen alle Anweisungen zu verstehen und blöde Fragen zu vermeiden. Also seit etwas mehr als einer Woche habe ich den System restore Virus auf meinem Laptop, dass bedeutet, wenn ich ihn hochfahre, öffnet sich ein Fenster, dass mir versucht klar zumachen, dass es eine Anwendung von Windows ist und bei einem Scan festgestellt hat, dass ich diverse Hardware Probleme auf meine Laptop habe und ein bestimmtes Programm kaufen muss um diese zu reparieren. Außerdem ist mein Desktop komplett schwarz und nur noch der Papierkorb ist vorhanden, alle meine anderen Dateien und Programme scheinen aber verschwunden zu sein. Wenn ich auf das Windows Start Zeichen klicke, öffnet sich zwar die Leiste, aber es ist alles leer und mir wird nichts mehr angezeigt. Auch meine Festplatten werden mir als 'leere Ordner' angezeigt, obwohl ich sehen kann, dass sie belegt sind. Es ist nur möglich meinen Laptop überhaupt zu benutzen und aufs Internet zu greifen zu können, da sich mein Skype automatisch öffnet und ich dann über Links firefox öffnen kann. Ich habe das alles gegoogelt aber um den Virus zu entfernen, heißt es meisten man sollte bestimmte registry einträge löschen, was mir allerdings zu riskant ist, da ich Angst habe mehr zu zerstören als zu reparieren. Also ich hoffe ihr könnt mir helfen, ich bin nämlich etwas aufgeschmissen und sage schon mal im Voraus ganz ganz vielen Dank!! Hier meine OTL.txt: OTL logfile created on: 07.11.2011 08:35:10 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Theresa\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,96% Memory free 7,83 Gb Paging File | 5,92 Gb Available in Paging File | 75,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,23 Gb Total Space | 24,29 Gb Free Space | 20,37% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 83,84 Gb Free Space | 54,49% Space Free | Partition Type: NTFS Computer Name: THERESA-PC | User Name: Theresa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.07 08:31:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Downloads\OTL.exe PRC - [2011.11.07 08:25:14 | 000,050,477 | ---- | M] () -- C:\Users\Theresa\Downloads\Defogger.exe PRC - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.05 09:17:50 | 000,258,512 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.08.31 16:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.31 14:33:32 | 001,545,856 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.07 04:53:49 | 003,058,304 | -H-- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.25 13:32:28 | 000,166,528 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.11.15 12:42:12 | 000,305,792 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.10.07 16:05:14 | 000,170,624 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.17 16:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.19 15:26:00 | 000,370,480 | -H-- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 15:26:00 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.07.10 00:45:00 | 000,984,400 | -H-- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 17:21:26 | 000,103,720 | -H-- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 12:29:42 | 000,105,016 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 12:29:26 | 002,488,888 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.22 19:15:34 | 000,174,648 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.13 23:00:08 | 000,113,208 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2006.10.11 05:45:12 | 000,075,304 | -H-- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2011.11.07 08:25:14 | 000,050,477 | ---- | M] () -- C:\Users\Theresa\Downloads\Defogger.exe MOD - [2011.10.14 11:18:09 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll MOD - [2011.10.14 11:17:30 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll MOD - [2011.10.14 11:17:12 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011.10.14 11:17:03 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011.10.14 11:16:59 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll MOD - [2011.10.14 11:16:46 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll MOD - [2011.10.14 11:16:39 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011.10.14 11:16:34 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011.10.14 11:16:33 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011.10.14 11:16:24 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.08.31 14:33:32 | 000,208,384 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2011.07.28 18:09:42 | 000,096,112 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 17:23:36 | 000,013,096 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 17:20:10 | 000,619,816 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.08.04 04:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.08.04 04:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.03.03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.22 21:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 16:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.01.12 10:50:28 | 000,332,272 | -H-- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.03.18 06:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.09.18 07:39:27 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.09.15 22:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.03.11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.21 03:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.26 19:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.13 06:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.13 16:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.10.14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.21 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.09.13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.03 13:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.03.02 11:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 06:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.07.26 15:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 19:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 08 E8 0A 4F A6 BA 4D B9 6B 5D 43 F0 A6 04 45 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 49434 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.01 20:08:54 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.12 14:16:06 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 14:16:05 | 000,000,000 | -H-D | M] [2011.08.01 12:44:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Extensions [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions [2011.11.01 20:13:42 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.01 20:13:42 | 000,000,000 | -H-D | M] (We-Care Reminder) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\wecarereminder@bryan [2011.09.22 13:53:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.01 20:09:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.09.30 23:03:32 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.22 13:52:56 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.30 23:03:29 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.30 23:03:29 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.30 23:03:29 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.30 23:03:29 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.30 23:03:29 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.30 23:03:29 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.11 17:33:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Reg Error: Value error.) - {0AE8089F-A64F-4DBA-B96B-5D43F0A60445} - C:\Users\Theresa\AppData\Local\NetworkWin32.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [Clients Update] rundll32 ",DllRegisterServer File not found O4 - HKCU..\Run: [Macromedia Update] rundll32 ",DllRegisterServer File not found O4 - HKCU..\Run: [MouseProfileVerifier] rundll32.exe ",DllRegisterServer File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D585AA05-9E9D-4165-859A-099645FB6A55}: DhcpNameServer = 192.168.1.1 71.250.0.12 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.06 00:44:31 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\fb [2011.11.01 17:22:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%USERPROFILE% [2011.11.01 16:45:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.10.29 15:00:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.10.29 15:00:36 | 000,000,000 | -H-D | C] -- C:\Program Files\CCleaner [2011.10.28 16:46:25 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore [2011.10.28 15:40:57 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\usa [2011.10.20 09:48:36 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\data [2011.10.20 09:24:48 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Download Manager [2011.10.20 08:07:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2011.10.20 07:42:18 | 000,000,000 | -H-D | C] -- C:\Windows\Sun [2011.10.14 15:31:04 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0 [2011.10.14 15:28:19 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\.thumbnails [2011.10.13 15:20:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\.Syncables [2011.10.13 15:19:28 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\ping [2011.10.12 15:49:49 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Externe Festplatte [2011.10.12 14:25:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes [2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod [2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour [2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour [2011.10.12 14:16:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.10.12 14:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\QuickTime [2011.10.12 07:12:15 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Avira [2011.10.12 07:12:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.12 07:11:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.12 07:11:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.12 07:11:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Avira [2011.10.11 17:38:37 | 000,000,000 | -H-D | C] -- C:\Windows\temp [2011.10.11 17:33:10 | 000,000,000 | -H-D | C] -- C:\$RECYCLE.BIN [2011.10.11 16:45:15 | 000,518,144 | -H-- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.10.11 16:45:15 | 000,406,528 | -H-- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.10.11 16:45:15 | 000,060,416 | -H-- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.10.11 16:45:11 | 000,000,000 | -H-D | C] -- C:\Windows\ERDNT [2011.10.11 16:45:08 | 000,000,000 | -H-D | C] -- C:\Qoobox [2011.10.11 16:28:17 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Local\jZip [2011.10.11 16:27:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip [2011.10.11 16:27:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\jZip [2011.10.10 22:05:06 | 000,000,000 | -HSD | C] -- C:\Users\Theresa\AppData\Roaming\C4136249 [2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Symantec [2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Norton [2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\NortonInstaller [2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NortonInstaller [1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.07 08:31:05 | 000,000,000 | ---- | M] () -- C:\Users\Theresa\defogger_reenable [2011.11.07 08:13:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.07 08:13:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.07 08:10:23 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.07 08:10:23 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.07 08:10:23 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.07 08:10:23 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.07 08:10:23 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.07 08:06:13 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.11.07 08:06:07 | 000,001,120 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.07 08:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.07 08:05:39 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys [2011.11.06 23:59:00 | 000,001,124 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.02 10:13:20 | 000,203,577 | -H-- | M] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png [2011.11.01 18:08:11 | 000,323,968 | -H-- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP.exe [2011.11.01 18:01:15 | 000,002,454 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011.11.01 17:13:48 | 000,000,085 | -H-- | M] () -- C:\Windows\wininit.ini [2011.11.01 16:45:42 | 000,001,256 | -H-- | M] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk [2011.10.29 16:46:15 | 000,043,198 | -H-- | M] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg [2011.10.29 16:45:55 | 000,020,869 | -H-- | M] () -- C:\Users\Theresa\Desktop\a.jpg [2011.10.29 14:51:59 | 000,059,776 | -H-- | M] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt [2011.10.29 09:12:25 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRW [2011.10.29 09:12:25 | 000,000,088 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRWr [2011.10.29 09:12:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\9lVK7dmpdonxRW [2011.10.28 23:33:51 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.10.28 23:33:50 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.10.28 23:33:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk [2011.10.28 16:49:33 | 000,000,440 | -H-- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP [2011.10.28 16:46:44 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.10.28 16:46:44 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.10.28 16:46:25 | 000,000,659 | -H-- | M] () -- C:\Users\Theresa\Desktop\System Restore.lnk [2011.10.20 09:45:49 | 000,364,927 | -H-- | M] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip [2011.10.14 15:31:04 | 000,001,470 | -H-- | M] () -- C:\Users\Theresa\.recently-used.xbel [2011.10.14 11:14:43 | 000,293,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.11 17:33:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.10.08 20:56:04 | 000,001,259 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.07 08:31:05 | 000,000,000 | ---- | C] () -- C:\Users\Theresa\defogger_reenable [2011.11.02 10:12:59 | 000,203,577 | -H-- | C] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png [2011.11.01 18:08:11 | 000,323,968 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP.exe [2011.11.01 17:13:48 | 000,000,085 | -H-- | C] () -- C:\Windows\wininit.ini [2011.11.01 16:45:42 | 000,001,256 | -H-- | C] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk [2011.10.29 16:46:02 | 000,043,198 | -H-- | C] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg [2011.10.29 16:45:33 | 000,020,869 | -H-- | C] () -- C:\Users\Theresa\Desktop\a.jpg [2011.10.29 14:51:56 | 000,059,776 | -H-- | C] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt [2011.10.29 09:12:25 | 000,000,088 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRWr [2011.10.29 09:12:24 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRW [2011.10.29 09:12:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\9lVK7dmpdonxRW [2011.10.28 23:33:50 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.10.28 23:33:50 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.10.28 23:33:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk [2011.10.28 16:46:44 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.10.28 16:46:44 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.10.28 16:46:25 | 000,000,659 | -H-- | C] () -- C:\Users\Theresa\Desktop\System Restore.lnk [2011.10.28 16:46:22 | 000,000,440 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP [2011.10.20 09:45:53 | 000,055,936 | -H-- | C] () -- C:\Users\Theresa\Desktop\Setup.exe [2011.10.20 09:25:00 | 000,364,927 | -H-- | C] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip [2011.10.14 15:31:04 | 000,001,470 | -H-- | C] () -- C:\Users\Theresa\.recently-used.xbel [2011.10.11 16:45:15 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe [2011.10.11 16:45:15 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe [2011.10.11 16:45:15 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe [2011.10.11 16:45:15 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe [2011.10.11 16:45:15 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe [2011.08.05 11:40:12 | 000,000,428 | -H-- | C] () -- C:\Windows\MAXLINK.INI [2011.08.01 14:24:55 | 001,557,708 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.08 01:40:56 | 000,960,940 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.08 01:40:54 | 000,213,332 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.04.08 01:40:53 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2009.10.25 22:38:22 | 000,000,176 | -H-- | C] () -- C:\Windows\explorer.exe.config [2009.07.29 00:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.13 21:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.13 21:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Asus WebStorage [2011.10.10 22:20:10 | 000,000,000 | -HSD | M] -- C:\Users\Theresa\AppData\Roaming\C4136249 [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Canon [2011.09.06 20:24:40 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft [2011.08.06 11:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0 [2011.08.01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Nuance [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\OpenOffice.org [2011.08.05 11:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\ScanSoft [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\SoftGrid Client [2011.10.04 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TIPP10 [2011.08.01 14:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TP [2011.11.01 20:10:14 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Zeon [2011.10.24 18:44:12 | 000,032,614 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.01 20:05:37 | 000,000,000 | -H-D | M] -- C:\$RECYCLE.BIN [2011.08.01 12:07:47 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011.11.01 20:05:37 | 000,000,000 | -H-D | M] -- C:\AsusVibeData [2009.07.29 01:03:34 | 000,000,000 | -H-D | M] -- C:\Boot [2009.07.14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.11.01 20:08:44 | 000,000,000 | -H-D | M] -- C:\eSupport [2011.05.07 04:38:20 | 000,000,000 | -H-D | M] -- C:\Intel [2009.07.13 22:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2011.11.01 20:09:16 | 000,000,000 | RH-D | M] -- C:\Program Files [2011.11.01 20:09:14 | 000,000,000 | RH-D | M] -- C:\Program Files (x86) [2011.11.04 12:54:34 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.01 20:09:30 | 000,000,000 | -H-D | M] -- C:\Qoobox [2011.08.01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Recovery [2011.11.07 08:36:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.01 12:26:31 | 000,000,000 | -H-D | M] -- C:\temp [2011.10.05 07:13:27 | 000,000,000 | RH-D | M] -- C:\Users [2011.11.01 17:59:48 | 000,000,000 | -H-D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 01:23:14 | 002,870,272 | -H-- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe [2011.02.26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.01.12 09:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 07:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.01.12 09:25:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2011.01.12 09:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2011.01.12 09:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 08:24:45 | 002,872,320 | -H-- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.01.12 09:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2011.01.12 09:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.01.12 09:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2011.01.12 09:25:41 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.13 20:39:29 | 000,427,008 | -H-- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe [2009.07.13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.13 20:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.13 20:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 07:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.13 20:39:48 | 000,030,208 | -H-- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 08:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.13 20:39:52 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | -H-- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 08:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | -H-- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2 < End of report > |
07.11.2011, 15:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
07.11.2011, 20:20 | #3 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Danke für die schnelle Antwort, jetzt hab ich auch endlich wieder Hoffnung, dass es bald besser wird!
__________________also erst mal das von Malwarebytes, davon hab ich übrigens noch circa 10 ältere logdateien vom 25.09.2011 bis heute, soll ich die auch alle hier rein posten? Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8106 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 07.11.2011 12:16:16 mbam-log-2011-11-07 (12-16-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Durchsuchte Objekte: 414316 Laufzeit: 39 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\1kalmig2kb7fzp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\temp\0.24309769012679938.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Theresa\AppData\Local\Temp\0.9370119253246323.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Theresa\AppData\Local\Temp\0.9815571781474048.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Theresa\AppData\Local\Temp\thpm5103442861355300949.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully. und jetzt das von dem anderen: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f98c406be858c44893427ebea98158e7 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-07 07:09:02 # local_time=2011-11-07 02:09:02 (-0500, Eastern Normalzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1792 16777215 100 0 1344312 1344312 0 0 # compatibility_mode=5893 16776573 100 94 0 72230875 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=218005 # found=3 # cleaned=0 # scan_time=5517 C:\Qoobox\Quarantine\C\Windows\SysWOW64\drivers\RKHit.sys.vir Win32/Adware.SpywareCease application (unable to clean) 00000000000000000000000000000000 I C:\Users\Theresa\Downloads\Gimp_Setup.exe a variant of Win32/Adware.iBryte.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\Theresa\Downloads\Spydig_Setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I |
07.11.2011, 20:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt mach bitte ein neues OTL-Log CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
08.11.2011, 00:46 | #5 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt here we goOTL Logfile: Code:
ATTFilter OTL logfile created on: 07.11.2011 16:48:42 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Theresa\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,12% Memory free 7,83 Gb Paging File | 4,81 Gb Available in Paging File | 61,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,23 Gb Total Space | 21,73 Gb Free Space | 18,23% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 83,84 Gb Free Space | 54,49% Space Free | Partition Type: NTFS Drive F: | 979,70 Mb Total Space | 964,03 Mb Free Space | 98,40% Space Free | Partition Type: FAT Computer Name: THERESA-PC | User Name: Theresa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.07 16:46:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL(1).exe PRC - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.05 09:17:50 | 000,258,512 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.31 14:33:32 | 001,545,856 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.07 04:53:49 | 003,058,304 | -H-- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.25 13:32:28 | 000,166,528 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.11.15 12:42:12 | 000,305,792 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.10.27 14:21:54 | 001,155,072 | -H-- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2010.10.07 16:05:14 | 000,170,624 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.17 16:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.19 15:26:00 | 000,370,480 | -H-- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 15:26:00 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.07.10 00:45:00 | 000,984,400 | -H-- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 17:21:26 | 000,103,720 | -H-- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2009.07.13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2009.06.19 12:29:42 | 000,105,016 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 12:29:26 | 002,488,888 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.12.22 19:15:34 | 000,174,648 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.13 23:00:08 | 000,113,208 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2006.10.11 05:45:12 | 000,075,304 | -H-- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe ========== Modules (No Company Name) ========== MOD - [2011.10.14 11:18:09 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll MOD - [2011.10.14 11:17:30 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll MOD - [2011.10.14 11:17:12 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011.10.14 11:17:03 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011.10.14 11:16:59 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll MOD - [2011.10.14 11:16:46 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll MOD - [2011.10.14 11:16:39 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011.10.14 11:16:34 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011.10.14 11:16:33 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011.10.14 11:16:24 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.08.31 14:33:32 | 000,208,384 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2011.07.28 18:09:42 | 000,096,112 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.10.27 14:23:04 | 000,106,496 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010.10.27 14:22:08 | 000,147,456 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010.10.27 14:22:00 | 000,028,160 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010.10.27 14:19:28 | 000,372,736 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010.10.27 14:19:06 | 000,025,088 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010.10.27 14:18:50 | 000,180,224 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010.10.27 14:18:34 | 000,540,672 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010.10.27 14:13:52 | 001,382,507 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010.10.27 14:13:52 | 000,074,240 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 17:23:36 | 000,013,096 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 17:20:10 | 000,619,816 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.08.04 04:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.08.04 04:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe MOD - [2008.04.16 10:42:30 | 000,376,832 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008.04.16 10:42:16 | 000,524,288 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008.04.16 10:42:02 | 006,701,056 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll MOD - [2008.04.16 10:36:38 | 000,376,832 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008.04.16 10:36:34 | 001,654,784 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.03.03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.22 21:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.01.12 10:50:28 | 000,332,272 | -H-- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.03.18 06:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.09.18 07:39:27 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.09.15 22:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.03.11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.21 03:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.26 19:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.13 06:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.13 16:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.10.14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.21 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.09.13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.09.13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.08.03 13:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.03.02 11:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 06:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.07.26 15:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 19:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 08 E8 0A 4F A6 BA 4D B9 6B 5D 43 F0 A6 04 45 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 49434 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.01 20:08:54 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.12 14:16:06 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 14:16:05 | 000,000,000 | -H-D | M] [2011.08.01 12:44:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Extensions [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions [2011.11.01 20:13:42 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.01 20:13:42 | 000,000,000 | -H-D | M] (We-Care Reminder) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\wecarereminder@bryan [2011.09.22 13:53:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.01 20:09:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.09.30 23:03:32 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.22 13:52:56 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.30 23:03:29 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.30 23:03:29 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.30 23:03:29 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.30 23:03:29 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.30 23:03:29 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.30 23:03:29 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.10.11 17:33:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Reg Error: Value error.) - {0AE8089F-A64F-4DBA-B96B-5D43F0A60445} - C:\Users\Theresa\AppData\Local\NetworkWin32.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [Clients Update] rundll32 ",DllRegisterServer File not found O4 - HKCU..\Run: [Macromedia Update] rundll32 ",DllRegisterServer File not found O4 - HKCU..\Run: [MouseProfileVerifier] rundll32.exe ",DllRegisterServer File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D585AA05-9E9D-4165-859A-099645FB6A55}: DhcpNameServer = 192.168.1.1 71.250.0.12 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.07 16:46:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL(1).exe [2011.11.07 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure [2011.11.07 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure [2011.11.07 16:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCure [2011.11.07 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.11.07 12:33:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Theresa\Desktop\esetsmartinstaller_enu.exe [2011.11.07 09:43:11 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware [2011.11.07 08:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.11.07 08:56:38 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\7-Zip [2011.11.06 00:44:31 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\fb [2011.11.01 17:22:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%USERPROFILE% [2011.11.01 16:45:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.10.29 15:00:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.10.29 15:00:36 | 000,000,000 | -H-D | C] -- C:\Program Files\CCleaner [2011.10.28 16:46:25 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore [2011.10.28 15:40:57 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\usa [2011.10.20 09:48:36 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\data [2011.10.20 09:24:48 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Download Manager [2011.10.20 08:07:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2011.10.20 08:03:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe [2011.10.20 07:42:18 | 000,000,000 | -H-D | C] -- C:\Windows\Sun [2011.10.14 15:31:04 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0 [2011.10.14 15:28:19 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\.thumbnails [2011.10.13 16:29:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.10.13 16:29:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.13 16:29:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.13 16:29:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.10.13 16:29:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.10.13 16:29:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.13 16:29:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.13 16:29:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.10.13 16:29:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.10.13 16:29:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.10.13 16:29:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.10.13 16:29:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.13 16:29:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.13 16:29:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.10.13 16:29:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.10.13 16:29:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.10.13 16:29:15 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.13 16:29:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.10.13 16:29:15 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.10.13 16:29:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.13 16:29:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.10.13 16:29:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.10.13 16:29:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.10.13 16:29:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.10.13 16:29:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.10.13 16:29:08 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.10.13 16:29:07 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.13 15:20:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\.Syncables [2011.10.13 15:19:28 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\ping [2011.10.12 15:49:49 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Externe Festplatte [2011.10.12 14:25:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes [2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod [2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour [2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour [2011.10.12 14:16:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.10.12 14:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\QuickTime [2011.10.12 07:12:15 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Avira [2011.10.12 07:12:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.10.12 07:11:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.12 07:11:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.12 07:11:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Avira [2011.10.11 18:37:32 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll [2011.10.11 18:37:31 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll [2011.10.11 17:38:37 | 000,000,000 | -H-D | C] -- C:\Windows\temp [2011.10.11 17:33:10 | 000,000,000 | -H-D | C] -- C:\$RECYCLE.BIN [2011.10.11 16:45:15 | 000,518,144 | -H-- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.10.11 16:45:15 | 000,406,528 | -H-- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.10.11 16:45:15 | 000,060,416 | -H-- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.10.11 16:45:11 | 000,000,000 | -H-D | C] -- C:\Windows\ERDNT [2011.10.11 16:45:08 | 000,000,000 | -H-D | C] -- C:\Qoobox [2011.10.11 16:28:17 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Local\jZip [2011.10.11 16:27:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip [2011.10.11 16:27:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\jZip [2011.10.10 22:05:06 | 000,000,000 | -HSD | C] -- C:\Users\Theresa\AppData\Roaming\C4136249 [2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Symantec [2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Norton [2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\NortonInstaller [2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NortonInstaller [1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.07 16:46:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL(1).exe [2011.11.07 16:31:09 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job [2011.11.07 16:31:09 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\RegCure.job [2011.11.07 16:31:06 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk [2011.11.07 16:25:44 | 001,304,322 | ---- | M] () -- C:\Users\Theresa\Desktop\regsicherung.reg [2011.11.07 15:59:01 | 000,001,124 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.07 14:31:42 | 000,229,763 | ---- | M] () -- C:\Users\Theresa\Documents\Fringe.mp3 [2011.11.07 13:19:36 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.07 13:19:36 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.07 13:19:36 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.07 13:19:36 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.07 13:19:36 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.07 12:33:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Theresa\Desktop\esetsmartinstaller_enu.exe [2011.11.07 12:26:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.07 12:26:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.07 12:19:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.11.07 12:19:07 | 000,001,120 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.07 12:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.07 12:17:10 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys [2011.11.07 09:43:16 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.07 08:31:05 | 000,000,000 | ---- | M] () -- C:\Users\Theresa\defogger_reenable [2011.11.02 10:13:20 | 000,203,577 | -H-- | M] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png [2011.11.01 18:01:15 | 000,002,454 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2011.11.01 17:13:48 | 000,000,085 | -H-- | M] () -- C:\Windows\wininit.ini [2011.11.01 16:45:42 | 000,001,256 | -H-- | M] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk [2011.10.29 16:46:15 | 000,043,198 | -H-- | M] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg [2011.10.29 16:45:55 | 000,020,869 | -H-- | M] () -- C:\Users\Theresa\Desktop\a.jpg [2011.10.29 14:51:59 | 000,059,776 | -H-- | M] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt [2011.10.29 09:12:25 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRW [2011.10.29 09:12:25 | 000,000,088 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRWr [2011.10.29 09:12:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\9lVK7dmpdonxRW [2011.10.28 23:33:51 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.10.28 23:33:50 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.10.28 23:33:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk [2011.10.28 16:49:33 | 000,000,440 | -H-- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP [2011.10.28 16:46:44 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.10.28 16:46:44 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.10.28 16:46:25 | 000,000,659 | -H-- | M] () -- C:\Users\Theresa\Desktop\System Restore.lnk [2011.10.20 09:45:49 | 000,364,927 | -H-- | M] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip [2011.10.14 15:31:04 | 000,001,470 | -H-- | M] () -- C:\Users\Theresa\.recently-used.xbel [2011.10.14 11:14:43 | 000,293,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.11 17:33:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.10.08 20:56:04 | 000,001,259 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.07 16:31:09 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job [2011.11.07 16:31:08 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\RegCure.job [2011.11.07 16:31:06 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk [2011.11.07 16:25:43 | 001,304,322 | ---- | C] () -- C:\Users\Theresa\Desktop\regsicherung.reg [2011.11.07 14:31:24 | 000,229,763 | ---- | C] () -- C:\Users\Theresa\Documents\Fringe.mp3 [2011.11.07 09:43:16 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.07 08:31:05 | 000,000,000 | ---- | C] () -- C:\Users\Theresa\defogger_reenable [2011.11.02 10:12:59 | 000,203,577 | -H-- | C] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png [2011.11.01 17:13:48 | 000,000,085 | -H-- | C] () -- C:\Windows\wininit.ini [2011.11.01 16:45:42 | 000,001,256 | -H-- | C] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk [2011.10.29 16:46:02 | 000,043,198 | -H-- | C] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg [2011.10.29 16:45:33 | 000,020,869 | -H-- | C] () -- C:\Users\Theresa\Desktop\a.jpg [2011.10.29 14:51:56 | 000,059,776 | -H-- | C] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt [2011.10.29 09:12:25 | 000,000,088 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRWr [2011.10.29 09:12:24 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRW [2011.10.29 09:12:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\9lVK7dmpdonxRW [2011.10.28 23:33:50 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.10.28 23:33:50 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.10.28 23:33:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk [2011.10.28 16:46:44 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.10.28 16:46:44 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.10.28 16:46:25 | 000,000,659 | -H-- | C] () -- C:\Users\Theresa\Desktop\System Restore.lnk [2011.10.28 16:46:22 | 000,000,440 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP [2011.10.20 09:45:53 | 000,055,936 | -H-- | C] () -- C:\Users\Theresa\Desktop\Setup.exe [2011.10.20 09:25:00 | 000,364,927 | -H-- | C] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip [2011.10.14 15:31:04 | 000,001,470 | -H-- | C] () -- C:\Users\Theresa\.recently-used.xbel [2011.10.11 16:45:15 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe [2011.10.11 16:45:15 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe [2011.10.11 16:45:15 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe [2011.10.11 16:45:15 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe [2011.10.11 16:45:15 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe [2011.08.05 11:40:12 | 000,000,428 | -H-- | C] () -- C:\Windows\MAXLINK.INI [2011.08.01 14:24:55 | 001,557,708 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.08 01:40:56 | 000,960,940 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.08 01:40:54 | 000,213,332 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.04.08 01:40:53 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2009.10.25 22:38:22 | 000,000,176 | -H-- | C] () -- C:\Windows\explorer.exe.config [2009.07.29 00:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.13 21:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.13 21:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Asus WebStorage [2011.10.10 22:20:10 | 000,000,000 | -HSD | M] -- C:\Users\Theresa\AppData\Roaming\C4136249 [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Canon [2011.09.06 20:24:40 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft [2011.08.06 11:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0 [2011.08.01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Nuance [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\OpenOffice.org [2011.08.05 11:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\ScanSoft [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\SoftGrid Client [2011.10.04 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TIPP10 [2011.08.01 14:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TP [2011.11.01 20:10:14 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Zeon [2011.11.07 16:31:09 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job [2011.11.07 16:31:09 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\RegCure.job [2011.10.24 18:44:12 | 000,032,614 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.01 20:10:09 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Adobe [2011.08.16 12:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Apple Computer [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Asus WebStorage [2011.10.12 07:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Avira [2011.10.10 22:20:10 | 000,000,000 | -HSD | M] -- C:\Users\Theresa\AppData\Roaming\C4136249 [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Canon [2011.10.08 21:30:27 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DivX [2011.10.20 09:45:49 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Download Manager [2011.09.06 20:24:40 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft [2011.08.06 11:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.01 20:10:11 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\FLEXnet [2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0 [2011.08.01 12:05:48 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Identities [2011.08.01 12:10:19 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Macromedia [2011.09.25 18:17:24 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Malwarebytes [2009.07.14 02:44:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Media Center Programs [2011.11.01 20:13:41 | 000,000,000 | --SD | M] -- C:\Users\Theresa\AppData\Roaming\Microsoft [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Mozilla [2011.08.01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Nuance [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\OpenOffice.org [2011.08.05 11:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\ScanSoft [2011.11.07 16:48:49 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Skype [2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\SoftGrid Client [2011.10.04 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TIPP10 [2011.08.01 14:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TP [2011.11.01 20:10:14 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.13 20:52:21 | 000,061,008 | -H-- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.13 20:52:21 | 000,061,008 | -H-- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.13 20:52:21 | 000,061,008 | -H-- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.13 20:15:06 | 000,012,288 | -H-- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.13 20:40:20 | 000,018,944 | -H-- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.09.13 05:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys [2010.09.13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010.09.13 05:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 08:33:38 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.01.12 11:20:46 | 000,410,504 | -H-- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 01:19:16 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 01:41:26 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 01:23:00 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 01:23:00 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 01:25:49 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.13 20:48:04 | 000,410,688 | -H-- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.13 20:48:04 | 000,410,688 | -H-- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.01.12 11:20:46 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.13 20:41:52 | 000,692,736 | -H-- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll [2009.07.13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 08:27:22 | 000,695,808 | -H-- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 07:20:28 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.13 20:16:02 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll [2009.07.13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.01.12 11:20:46 | 000,166,280 | -H-- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.13 20:45:45 | 000,167,488 | -H-- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.13 20:45:45 | 000,167,488 | -H-- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 01:23:06 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 01:23:06 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 01:25:53 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.01.12 11:20:46 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 01:19:21 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 01:41:34 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 08:33:48 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.13 20:16:13 | 000,175,616 | -H-- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll [2009.07.13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.13 20:41:53 | 000,232,448 | -H-- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll [2009.07.13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 07:21:04 | 000,175,616 | -H-- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 08:27:25 | 000,232,960 | -H-- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 07:08:57 | 000,833,024 | -H-- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.13 20:41:56 | 001,008,640 | -H-- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll [2009.07.13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.13 20:11:24 | 000,833,024 | -H-- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll [2009.07.13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 08:27:27 | 001,008,128 | -H-- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 07:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.13 20:39:48 | 000,030,208 | -H-- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 08:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.13 20:39:52 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | -H-- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 08:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | -H-- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.13 20:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll [2009.07.13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.07.13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011.08.19 23:35:00 | 010,990,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2011.08.19 23:35:00 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll < > ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > |
08.11.2011, 03:32 | #6 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Ich hab grad beim rumstöbern hier im Forum entdeckt, dass sie hier: http://www.trojaner-board.de/104051-...ermeldung.html genau das Problem beschreibt, was ich auch habe. Überall heißt es ja immer man sollte aber bloß nicht einfach die Schritte befolgen, die jemand anderem empfohlen werden, weil jedes Problem individuell ist. Deshalb dachte ich, ich frag einfach mal nach, denkst du ich sollte es mal mit Combofix usw. probieren? |
08.11.2011, 09:33 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/verstecktZitat:
=> [2011.10.11 16:45:08 | 000,000,000 | -H-D | C] -- C:\Qoobox Das Log dazu bitte nachreichen!! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 08 E8 0A 4F A6 BA 4D B9 6B 5D 43 F0 A6 04 45 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 49434 FF - prefs.js..network.proxy.type: 0 [2011.10.28 16:46:25 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore [2011.10.10 22:05:06 | 000,000,000 | -HSD | C] -- C:\Users\Theresa\AppData\Roaming\C4136249 [2011.11.07 12:19:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2011.10.28 16:46:25 | 000,000,659 | -H-- | M] () -- C:\Users\Theresa\Desktop\System Restore.lnk @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 :Files C:\WINDOWS\svchost.exe C:\ProgramData\~9 C:\ProgramData\~6 C:\ProgramData\~1 C:\ProgramData\9 C:\ProgramData\6 C:\ProgramData\1 :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
09.11.2011, 02:35 | #8 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Ja stimmt ich hab schon mal combofix laufen lassen, aber das war vor einem monat, da hatte ich einen anderen virus drauf und damit ist er dann verschwunden aber ich weiß nicht wo ich die logdatei finden soll, weil ich keinen zugriff auf meine ordner und programme habe, die sind alle weg oder eben versteckt. Ich hab eben mal combofix gestartet um zu gucken ob man dort die logdateien abrufen kann, aber der hat dann nur direkt einen scan gemacht.Sschon mal was sich verändert hat...in meiner startzeile steht jetzt rechts wieder dokumente, bilder, musik, computer, systemsteuerung und hilfe und support, aber meine programme und ordner sind immer noch weg und mein desktophintergrund auch immer noch schwarz und ich kann ihn auch nicht ändern aber das system restore und die fehlermeldungen erscheinen nicht mehr beim starten also hier dann die logdatei von OTL All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "127.0.0.1" removed from network.proxy.http Prefs.js: 49434 removed from network.proxy.http_port Prefs.js: 0 removed from network.proxy.type Folder C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\ not found. C:\Users\Theresa\AppData\Roaming\C4136249 folder moved successfully. C:\Windows\SysNative\acovcnt.exe moved successfully. C:\Users\Theresa\Desktop\System Restore.lnk moved successfully. ADS C:\ProgramData\TempFC5A2B2 deleted successfully. ========== FILES ========== C:\WINDOWS\svchost.exe moved successfully. File\Folder C:\ProgramData\~9 not found. File\Folder C:\ProgramData\~6 not found. File\Folder C:\ProgramData\~1 not found. File\Folder C:\ProgramData\9 not found. File\Folder C:\ProgramData\6 not found. File\Folder C:\ProgramData\1 not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Theresa ->Temp folder emptied: 2678 bytes ->Temporary Internet Files folder emptied: 47246722 bytes ->Java cache emptied: 380974 bytes ->FireFox cache emptied: 75719685 bytes ->Flash cache emptied: 25818 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 213789475 bytes ->Flash cache emptied: 8488 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 13398019 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 334,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 11082011_201048 Files\Folders moved on Reboot... C:\Users\Theresa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
09.11.2011, 10:04 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
10.11.2011, 05:24 | #10 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Hey, ich hab den Quarantäne Ordner hochgeladen. Außerdem hab ich dieses Program ausprobiert hxxp://download.bleepingcomputer.com/grinler/unhide.exe weil ich ganz dringend Dateien von mir benötigte. Ich war richtig überrascht, meine Programme und meine Dateien sind dadurch alle wieder aufgetauscht und auch meinen Desktophintergrund kann ich jetzt wieder ändern. Allerdings ist mein Laptop heute wieder einmal abgestürzt und hat mir einen blue screen angezeigt. Danke noch mal für die Hilfe, ich bin jetzt schon voll begeistert, hatte es eigentlich vorher schon aufgegeben |
10.11.2011, 11:56 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
11.11.2011, 01:47 | #12 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt okay,hier ist es... 19:37:27.0836 1304 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26 19:37:28.0007 1304 ============================================================ 19:37:28.0007 1304 Current date / time: 2011/11/10 19:37:28.0007 19:37:28.0007 1304 SystemInfo: 19:37:28.0007 1304 19:37:28.0007 1304 OS Version: 6.1.7600 ServicePack: 0.0 19:37:28.0007 1304 Product type: Workstation 19:37:28.0007 1304 ComputerName: THERESA-PC 19:37:28.0007 1304 UserName: Theresa 19:37:28.0007 1304 Windows directory: C:\Windows 19:37:28.0007 1304 System windows directory: C:\Windows 19:37:28.0007 1304 Running under WOW64 19:37:28.0007 1304 Processor architecture: Intel x64 19:37:28.0007 1304 Number of processors: 4 19:37:28.0007 1304 Page size: 0x1000 19:37:28.0007 1304 Boot type: Normal boot 19:37:28.0007 1304 ============================================================ 19:37:29.0505 1304 Initialize success 19:37:39.0083 4956 ============================================================ 19:37:39.0083 4956 Scan started 19:37:39.0083 4956 Mode: Manual; SigCheck; TDLFS; 19:37:39.0083 4956 ============================================================ 19:37:41.0726 4956 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 19:37:42.0034 4956 1394ohci - ok 19:37:42.0487 4956 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 19:37:42.0518 4956 ACPI - ok 19:37:42.0956 4956 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 19:37:43.0548 4956 AcpiPmi - ok 19:37:44.0127 4956 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:37:44.0158 4956 adp94xx - ok 19:37:44.0283 4956 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:37:44.0314 4956 adpahci - ok 19:37:44.0392 4956 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:37:44.0407 4956 adpu320 - ok 19:37:44.0532 4956 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 19:37:44.0579 4956 AFD - ok 19:37:44.0626 4956 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 19:37:44.0657 4956 agp440 - ok 19:37:44.0782 4956 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 19:37:44.0813 4956 aliide - ok 19:37:44.0875 4956 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 19:37:44.0907 4956 amdide - ok 19:37:45.0094 4956 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:37:45.0187 4956 AmdK8 - ok 19:37:45.0343 4956 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:37:45.0437 4956 AmdPPM - ok 19:37:45.0546 4956 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 19:37:45.0577 4956 amdsata - ok 19:37:45.0624 4956 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:37:45.0655 4956 amdsbs - ok 19:37:45.0702 4956 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 19:37:45.0718 4956 amdxata - ok 19:37:45.0765 4956 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 19:37:45.0889 4956 AppID - ok 19:37:45.0967 4956 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:37:45.0999 4956 arc - ok 19:37:46.0045 4956 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:37:46.0077 4956 arcsas - ok 19:37:46.0186 4956 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 19:37:46.0295 4956 ASMMAP64 - ok 19:37:46.0326 4956 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:37:46.0404 4956 AsyncMac - ok 19:37:46.0467 4956 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 19:37:46.0498 4956 atapi - ok 19:37:46.0576 4956 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys 19:37:46.0716 4956 athr - ok 19:37:46.0857 4956 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 19:37:46.0872 4956 ATKWMIACPIIO - ok 19:37:47.0028 4956 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 19:37:47.0059 4956 avgntflt - ok 19:37:47.0091 4956 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys 19:37:47.0122 4956 avipbb - ok 19:37:47.0137 4956 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 19:37:47.0153 4956 avkmgr - ok 19:37:47.0247 4956 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:37:47.0340 4956 b06bdrv - ok 19:37:47.0403 4956 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:37:47.0481 4956 b57nd60a - ok 19:37:47.0543 4956 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:37:47.0621 4956 Beep - ok 19:37:47.0699 4956 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:37:47.0777 4956 blbdrive - ok 19:37:47.0886 4956 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 19:37:47.0995 4956 bowser - ok 19:37:48.0089 4956 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:37:48.0136 4956 BrFiltLo - ok 19:37:48.0151 4956 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:37:48.0167 4956 BrFiltUp - ok 19:37:48.0198 4956 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:37:48.0245 4956 Brserid - ok 19:37:48.0276 4956 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:37:48.0323 4956 BrSerWdm - ok 19:37:48.0323 4956 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:37:48.0370 4956 BrUsbMdm - ok 19:37:48.0370 4956 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:37:48.0401 4956 BrUsbSer - ok 19:37:48.0479 4956 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 19:37:48.0573 4956 BthEnum - ok 19:37:48.0604 4956 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:37:48.0682 4956 BTHMODEM - ok 19:37:48.0713 4956 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 19:37:48.0775 4956 BthPan - ok 19:37:48.0853 4956 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys 19:37:48.0947 4956 BTHPORT - ok 19:37:49.0009 4956 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys 19:37:49.0041 4956 BTHUSB - ok 19:37:49.0212 4956 catchme - ok 19:37:49.0275 4956 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:37:49.0384 4956 cdfs - ok 19:37:49.0431 4956 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 19:37:49.0493 4956 cdrom - ok 19:37:49.0540 4956 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:37:49.0602 4956 circlass - ok 19:37:49.0649 4956 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:37:49.0665 4956 CLFS - ok 19:37:49.0789 4956 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:37:49.0836 4956 CmBatt - ok 19:37:49.0852 4956 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 19:37:49.0867 4956 cmdide - ok 19:37:49.0899 4956 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 19:37:49.0992 4956 CNG - ok 19:37:50.0039 4956 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:37:50.0070 4956 Compbatt - ok 19:37:50.0117 4956 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 19:37:50.0179 4956 CompositeBus - ok 19:37:50.0211 4956 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:37:50.0242 4956 crcdisk - ok 19:37:50.0335 4956 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 19:37:50.0382 4956 DfsC - ok 19:37:50.0429 4956 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:37:50.0523 4956 discache - ok 19:37:50.0616 4956 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:37:50.0647 4956 Disk - ok 19:37:50.0710 4956 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:37:50.0757 4956 drmkaud - ok 19:37:50.0819 4956 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 19:37:50.0897 4956 DXGKrnl - ok 19:37:50.0991 4956 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:37:51.0162 4956 ebdrv - ok 19:37:51.0256 4956 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:37:51.0303 4956 elxstor - ok 19:37:51.0303 4956 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 19:37:51.0349 4956 ErrDev - ok 19:37:51.0396 4956 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys 19:37:51.0427 4956 ETD - ok 19:37:51.0459 4956 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:37:51.0537 4956 exfat - ok 19:37:51.0568 4956 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:37:51.0630 4956 fastfat - ok 19:37:51.0661 4956 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:37:51.0708 4956 fdc - ok 19:37:51.0755 4956 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:37:51.0771 4956 FileInfo - ok 19:37:51.0802 4956 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:37:51.0880 4956 Filetrace - ok 19:37:51.0911 4956 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:37:51.0942 4956 flpydisk - ok 19:37:51.0973 4956 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 19:37:52.0005 4956 FltMgr - ok 19:37:52.0020 4956 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:37:52.0036 4956 FsDepends - ok 19:37:52.0098 4956 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 19:37:52.0114 4956 fssfltr - ok 19:37:52.0176 4956 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:37:52.0207 4956 Fs_Rec - ok 19:37:52.0254 4956 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:37:52.0270 4956 fvevol - ok 19:37:52.0317 4956 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:37:52.0348 4956 gagp30kx - ok 19:37:52.0395 4956 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:37:52.0426 4956 GEARAspiWDM - ok 19:37:52.0519 4956 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:37:52.0566 4956 hcw85cir - ok 19:37:52.0582 4956 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 19:37:52.0675 4956 HdAudAddService - ok 19:37:52.0785 4956 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:37:52.0847 4956 HDAudBus - ok 19:37:52.0863 4956 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:37:52.0925 4956 HidBatt - ok 19:37:52.0956 4956 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 19:37:53.0003 4956 HidBth - ok 19:37:53.0019 4956 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:37:53.0065 4956 HidIr - ok 19:37:53.0081 4956 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 19:37:53.0112 4956 HidUsb - ok 19:37:53.0143 4956 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 19:37:53.0175 4956 HpSAMD - ok 19:37:53.0237 4956 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 19:37:53.0331 4956 HTTP - ok 19:37:53.0362 4956 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 19:37:53.0362 4956 hwpolicy - ok 19:37:53.0393 4956 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 19:37:53.0409 4956 i8042prt - ok 19:37:53.0471 4956 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys 19:37:53.0487 4956 iaStor - ok 19:37:53.0549 4956 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 19:37:53.0611 4956 iaStorV - ok 19:37:53.0861 4956 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys 19:37:54.0298 4956 igfx - ok 19:37:54.0423 4956 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:37:54.0454 4956 iirsp - ok 19:37:54.0625 4956 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys 19:37:54.0766 4956 IntcAzAudAddService - ok 19:37:54.0891 4956 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 19:37:54.0953 4956 IntcDAud - ok 19:37:55.0031 4956 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 19:37:55.0047 4956 intelide - ok 19:37:55.0093 4956 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:37:55.0125 4956 intelppm - ok 19:37:55.0140 4956 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:37:55.0203 4956 IpFilterDriver - ok 19:37:55.0234 4956 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:37:55.0265 4956 IPMIDRV - ok 19:37:55.0327 4956 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:37:55.0390 4956 IPNAT - ok 19:37:55.0437 4956 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:37:55.0483 4956 IRENUM - ok 19:37:55.0515 4956 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 19:37:55.0530 4956 isapnp - ok 19:37:55.0561 4956 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 19:37:55.0593 4956 iScsiPrt - ok 19:37:55.0639 4956 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 19:37:55.0671 4956 kbdclass - ok 19:37:55.0733 4956 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 19:37:55.0795 4956 kbdhid - ok 19:37:55.0842 4956 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 19:37:55.0873 4956 kbfiltr - ok 19:37:55.0905 4956 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 19:37:55.0936 4956 KSecDD - ok 19:37:55.0967 4956 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 19:37:55.0983 4956 KSecPkg - ok 19:37:56.0029 4956 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:37:56.0123 4956 ksthunk - ok 19:37:56.0435 4956 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:37:56.0544 4956 lltdio - ok 19:37:56.0591 4956 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:37:56.0622 4956 LSI_FC - ok 19:37:56.0638 4956 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:37:56.0653 4956 LSI_SAS - ok 19:37:56.0716 4956 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:37:56.0747 4956 LSI_SAS2 - ok 19:37:56.0763 4956 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:37:56.0778 4956 LSI_SCSI - ok 19:37:56.0809 4956 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 19:37:56.0872 4956 luafv - ok 19:37:56.0950 4956 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 19:37:56.0981 4956 MBAMProtector - ok 19:37:57.0028 4956 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:37:57.0059 4956 megasas - ok 19:37:57.0075 4956 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:37:57.0106 4956 MegaSR - ok 19:37:57.0168 4956 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys 19:37:57.0184 4956 MEIx64 - ok 19:37:57.0199 4956 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:37:57.0293 4956 Modem - ok 19:37:57.0340 4956 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:37:57.0387 4956 monitor - ok 19:37:57.0449 4956 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 19:37:57.0480 4956 mouclass - ok 19:37:57.0496 4956 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:37:57.0543 4956 mouhid - ok 19:37:57.0621 4956 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 19:37:57.0652 4956 mountmgr - ok 19:37:57.0667 4956 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 19:37:57.0683 4956 mpio - ok 19:37:57.0730 4956 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:37:57.0855 4956 mpsdrv - ok 19:37:57.0870 4956 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 19:37:57.0917 4956 MRxDAV - ok 19:37:57.0964 4956 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:37:58.0011 4956 mrxsmb - ok 19:37:58.0057 4956 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:37:58.0120 4956 mrxsmb10 - ok 19:37:58.0151 4956 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:37:58.0167 4956 mrxsmb20 - ok 19:37:58.0198 4956 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 19:37:58.0213 4956 msahci - ok 19:37:58.0245 4956 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 19:37:58.0260 4956 msdsm - ok 19:37:58.0323 4956 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:37:58.0416 4956 Msfs - ok 19:37:58.0463 4956 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:37:58.0557 4956 mshidkmdf - ok 19:37:58.0572 4956 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 19:37:58.0588 4956 msisadrv - ok 19:37:58.0635 4956 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:37:58.0697 4956 MSKSSRV - ok 19:37:58.0713 4956 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:37:58.0775 4956 MSPCLOCK - ok 19:37:58.0775 4956 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:37:58.0837 4956 MSPQM - ok 19:37:58.0869 4956 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 19:37:58.0884 4956 MsRPC - ok 19:37:58.0915 4956 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 19:37:58.0915 4956 mssmbios - ok 19:37:58.0931 4956 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 19:37:58.0962 4956 MSTEE - ok 19:37:58.0978 4956 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:37:59.0009 4956 MTConfig - ok 19:37:59.0040 4956 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:37:59.0056 4956 Mup - ok 19:37:59.0103 4956 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:37:59.0196 4956 NativeWifiP - ok 19:37:59.0274 4956 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys 19:37:59.0337 4956 NDIS - ok 19:37:59.0383 4956 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:37:59.0446 4956 NdisCap - ok 19:37:59.0493 4956 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:37:59.0586 4956 NdisTapi - ok 19:37:59.0633 4956 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 19:37:59.0695 4956 Ndisuio - ok 19:37:59.0727 4956 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:37:59.0789 4956 NdisWan - ok 19:37:59.0820 4956 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 19:37:59.0867 4956 NDProxy - ok 19:37:59.0914 4956 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:37:59.0961 4956 NetBIOS - ok 19:37:59.0992 4956 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 19:38:00.0054 4956 NetBT - ok 19:38:00.0117 4956 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:38:00.0132 4956 nfrd960 - ok 19:38:00.0180 4956 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:38:00.0236 4956 Npfs - ok 19:38:00.0267 4956 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:38:00.0325 4956 nsiproxy - ok 19:38:00.0415 4956 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 19:38:00.0586 4956 Ntfs - ok 19:38:00.0609 4956 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:38:00.0680 4956 Null - ok 19:38:01.0015 4956 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:38:01.0501 4956 nvlddmkm - ok 19:38:01.0611 4956 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys 19:38:01.0642 4956 nvpciflt - ok 19:38:01.0720 4956 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 19:38:01.0751 4956 nvraid - ok 19:38:01.0798 4956 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 19:38:01.0829 4956 nvstor - ok 19:38:01.0891 4956 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 19:38:01.0938 4956 nv_agp - ok 19:38:01.0938 4956 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 19:38:02.0001 4956 ohci1394 - ok 19:38:02.0063 4956 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 19:38:02.0110 4956 Parport - ok 19:38:02.0141 4956 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 19:38:02.0157 4956 partmgr - ok 19:38:02.0188 4956 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 19:38:02.0203 4956 pci - ok 19:38:02.0266 4956 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:38:02.0297 4956 pciide - ok 19:38:02.0328 4956 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 19:38:02.0344 4956 pcmcia - ok 19:38:02.0375 4956 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:38:02.0391 4956 pcw - ok 19:38:02.0422 4956 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:38:02.0515 4956 PEAUTH - ok 19:38:02.0671 4956 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 19:38:02.0812 4956 PptpMiniport - ok 19:38:02.0890 4956 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 19:38:02.0921 4956 Processor - ok 19:38:02.0952 4956 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 19:38:02.0999 4956 Psched - ok 19:38:03.0077 4956 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 19:38:03.0186 4956 ql2300 - ok 19:38:03.0202 4956 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 19:38:03.0217 4956 ql40xx - ok 19:38:03.0249 4956 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:38:03.0311 4956 QWAVEdrv - ok 19:38:03.0327 4956 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:38:03.0389 4956 RasAcd - ok 19:38:03.0451 4956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:38:03.0514 4956 RasAgileVpn - ok 19:38:03.0576 4956 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:38:03.0639 4956 Rasl2tp - ok 19:38:03.0685 4956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:38:03.0810 4956 RasPppoe - ok 19:38:03.0857 4956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:38:03.0966 4956 RasSstp - ok 19:38:03.0997 4956 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 19:38:04.0044 4956 rdbss - ok 19:38:04.0075 4956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 19:38:04.0107 4956 rdpbus - ok 19:38:04.0153 4956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:38:04.0231 4956 RDPCDD - ok 19:38:04.0263 4956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:38:04.0341 4956 RDPENCDD - ok 19:38:04.0372 4956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:38:04.0450 4956 RDPREFMP - ok 19:38:04.0481 4956 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 19:38:04.0543 4956 RDPWD - ok 19:38:04.0606 4956 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys 19:38:04.0637 4956 rdyboost - ok 19:38:04.0684 4956 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 19:38:04.0777 4956 RFCOMM - ok 19:38:04.0824 4956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:38:04.0933 4956 rspndr - ok 19:38:04.0965 4956 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys 19:38:04.0996 4956 RSUSBVSTOR - ok 19:38:05.0058 4956 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys 19:38:05.0105 4956 RTL8167 - ok 19:38:05.0136 4956 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 19:38:05.0167 4956 sbp2port - ok 19:38:05.0230 4956 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 19:38:05.0323 4956 scfilter - ok 19:38:05.0370 4956 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:38:05.0417 4956 secdrv - ok 19:38:05.0464 4956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 19:38:05.0526 4956 Serenum - ok 19:38:05.0526 4956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 19:38:05.0557 4956 Serial - ok 19:38:05.0589 4956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 19:38:05.0620 4956 sermouse - ok 19:38:05.0635 4956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 19:38:05.0698 4956 sffdisk - ok 19:38:05.0713 4956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 19:38:05.0745 4956 sffp_mmc - ok 19:38:05.0760 4956 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 19:38:05.0791 4956 sffp_sd - ok 19:38:05.0791 4956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 19:38:05.0823 4956 sfloppy - ok 19:38:05.0901 4956 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys 19:38:05.0963 4956 Sftfs - ok 19:38:06.0010 4956 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys 19:38:06.0057 4956 Sftplay - ok 19:38:06.0088 4956 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys 19:38:06.0103 4956 Sftredir - ok 19:38:06.0150 4956 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys 19:38:06.0166 4956 Sftvol - ok 19:38:06.0244 4956 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 19:38:06.0275 4956 SiSGbeLH - ok 19:38:06.0306 4956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:38:06.0337 4956 SiSRaid2 - ok 19:38:06.0353 4956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 19:38:06.0369 4956 SiSRaid4 - ok 19:38:06.0369 4956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:38:06.0447 4956 Smb - ok 19:38:06.0525 4956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:38:06.0540 4956 spldr - ok 19:38:06.0634 4956 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 19:38:06.0727 4956 srv - ok 19:38:06.0774 4956 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 19:38:06.0852 4956 srv2 - ok 19:38:06.0899 4956 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 19:38:06.0961 4956 srvnet - ok 19:38:07.0039 4956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 19:38:07.0055 4956 stexstor - ok 19:38:07.0133 4956 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 19:38:07.0195 4956 StillCam - ok 19:38:07.0242 4956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 19:38:07.0258 4956 swenum - ok 19:38:07.0383 4956 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 19:38:07.0554 4956 Tcpip - ok 19:38:07.0585 4956 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 19:38:07.0632 4956 TCPIP6 - ok 19:38:07.0741 4956 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 19:38:07.0851 4956 tcpipreg - ok 19:38:07.0929 4956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:38:08.0007 4956 TDPIPE - ok 19:38:08.0022 4956 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 19:38:08.0069 4956 TDTCP - ok 19:38:08.0100 4956 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 19:38:08.0163 4956 tdx - ok 19:38:08.0194 4956 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 19:38:08.0225 4956 TermDD - ok 19:38:08.0303 4956 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:38:08.0365 4956 tssecsrv - ok 19:38:08.0428 4956 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 19:38:08.0490 4956 tunnel - ok 19:38:08.0521 4956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 19:38:08.0537 4956 uagp35 - ok 19:38:08.0553 4956 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 19:38:08.0615 4956 udfs - ok 19:38:08.0646 4956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 19:38:08.0662 4956 uliagpkx - ok 19:38:08.0709 4956 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 19:38:08.0755 4956 umbus - ok 19:38:08.0771 4956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:38:08.0802 4956 UmPass - ok 19:38:08.0865 4956 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 19:38:08.0927 4956 usbccgp - ok 19:38:08.0958 4956 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 19:38:09.0005 4956 usbcir - ok 19:38:09.0036 4956 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys 19:38:09.0099 4956 usbehci - ok 19:38:09.0145 4956 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 19:38:09.0239 4956 usbhub - ok 19:38:09.0270 4956 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys 19:38:09.0333 4956 usbohci - ok 19:38:09.0364 4956 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:38:09.0411 4956 usbprint - ok 19:38:09.0442 4956 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:38:09.0473 4956 USBSTOR - ok 19:38:09.0535 4956 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 19:38:09.0567 4956 usbuhci - ok 19:38:09.0645 4956 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 19:38:09.0691 4956 usbvideo - ok 19:38:09.0738 4956 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 19:38:09.0769 4956 vdrvroot - ok 19:38:09.0832 4956 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:38:09.0847 4956 vga - ok 19:38:09.0894 4956 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:38:10.0019 4956 VgaSave - ok 19:38:10.0035 4956 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 19:38:10.0050 4956 vhdmp - ok 19:38:10.0097 4956 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 19:38:10.0113 4956 viaide - ok 19:38:10.0159 4956 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 19:38:10.0175 4956 volmgr - ok 19:38:10.0222 4956 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 19:38:10.0237 4956 volmgrx - ok 19:38:10.0284 4956 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 19:38:10.0331 4956 volsnap - ok 19:38:10.0409 4956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 19:38:10.0440 4956 vsmraid - ok 19:38:10.0471 4956 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:38:10.0534 4956 vwifibus - ok 19:38:10.0581 4956 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:38:10.0627 4956 vwififlt - ok 19:38:10.0705 4956 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 19:38:10.0752 4956 WacomPen - ok 19:38:10.0799 4956 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 19:38:10.0861 4956 WANARP - ok 19:38:10.0893 4956 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 19:38:10.0939 4956 Wanarpv6 - ok 19:38:11.0033 4956 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 19:38:11.0049 4956 Wd - ok 19:38:11.0173 4956 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:38:11.0236 4956 Wdf01000 - ok 19:38:11.0298 4956 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:38:11.0329 4956 WfpLwf - ok 19:38:11.0454 4956 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys 19:38:11.0485 4956 WimFltr - ok 19:38:11.0501 4956 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:38:11.0517 4956 WIMMount - ok 19:38:11.0579 4956 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:38:11.0626 4956 WmiAcpi - ok 19:38:11.0673 4956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:38:11.0719 4956 ws2ifsl - ok 19:38:11.0766 4956 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 19:38:11.0891 4956 WudfPf - ok 19:38:11.0922 4956 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:38:11.0985 4956 WUDFRd - ok 19:38:12.0031 4956 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0 19:38:12.0031 4956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 19:38:12.0031 4956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 19:38:12.0125 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 19:38:12.0125 4956 \Device\Harddisk0\DR0 - detected TDSS File System (1) 19:38:12.0156 4956 Boot (0x1200) (36f051b353f0e2e5b500817ef97c9750) \Device\Harddisk0\DR0\Partition0 19:38:12.0156 4956 \Device\Harddisk0\DR0\Partition0 - ok 19:38:12.0172 4956 Boot (0x1200) (8558885ac146a853f9aa57c214e29368) \Device\Harddisk0\DR0\Partition1 19:38:12.0172 4956 \Device\Harddisk0\DR0\Partition1 - ok 19:38:12.0172 4956 ============================================================ 19:38:12.0172 4956 Scan finished 19:38:12.0172 4956 ============================================================ 19:38:12.0203 5008 Detected object count: 2 19:38:12.0203 5008 Actual detected object count: 2 19:44:44.0298 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 19:44:44.0313 5008 \Device\Harddisk0\DR0 - ok 19:44:44.0313 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 19:44:44.0313 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 19:44:44.0313 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
11.11.2011, 13:48 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/verstecktZitat:
Du solltest erstmal nur das Log erstellen aber noch nichts entfernen! Der Hinweis dazu war extra fett und in blauer Schrift angebracht! In deinem Fall müssen aber beide Einträge weg, Rootkit.Boot.Pihar.b sowie TDSS File System. Beides mit dem TDSS-Killer entfernen. Windows neustarten und ein neues Log mit dem TDSS-Killer machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
15.11.2011, 06:22 | #14 |
| system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt oh..hatte ganz vergessen das log zu posten sorry wegen dem löschen, dachte bei beiden würde skip stehen und bin dann direkt auf continue und hab dann erst gesehen, dass eins gelöscht wurde... 20:59:36.0435 4248 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15 20:59:36.0575 4248 ============================================================ 20:59:36.0575 4248 Current date / time: 2011/11/12 20:59:36.0575 20:59:36.0575 4248 SystemInfo: 20:59:36.0575 4248 20:59:36.0575 4248 OS Version: 6.1.7600 ServicePack: 0.0 20:59:36.0575 4248 Product type: Workstation 20:59:36.0575 4248 ComputerName: THERESA-PC 20:59:36.0575 4248 UserName: Theresa 20:59:36.0575 4248 Windows directory: C:\Windows 20:59:36.0575 4248 System windows directory: C:\Windows 20:59:36.0575 4248 Running under WOW64 20:59:36.0575 4248 Processor architecture: Intel x64 20:59:36.0575 4248 Number of processors: 4 20:59:36.0575 4248 Page size: 0x1000 20:59:36.0575 4248 Boot type: Normal boot 20:59:36.0575 4248 ============================================================ 20:59:37.0090 4248 Initialize success 21:00:23.0547 2784 ============================================================ 21:00:23.0547 2784 Scan started 21:00:23.0547 2784 Mode: Manual; SigCheck; TDLFS; 21:00:23.0547 2784 ============================================================ 21:00:25.0217 2784 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 21:00:25.0388 2784 1394ohci - ok 21:00:25.0497 2784 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 21:00:25.0544 2784 ACPI - ok 21:00:25.0575 2784 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 21:00:25.0669 2784 AcpiPmi - ok 21:00:25.0809 2784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:00:25.0841 2784 adp94xx - ok 21:00:25.0887 2784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:00:25.0903 2784 adpahci - ok 21:00:25.0934 2784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:00:25.0950 2784 adpu320 - ok 21:00:26.0043 2784 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys 21:00:26.0137 2784 AFD - ok 21:00:26.0199 2784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 21:00:26.0231 2784 agp440 - ok 21:00:26.0262 2784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 21:00:26.0277 2784 aliide - ok 21:00:26.0309 2784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 21:00:26.0324 2784 amdide - ok 21:00:26.0340 2784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:00:26.0371 2784 AmdK8 - ok 21:00:26.0387 2784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:00:26.0465 2784 AmdPPM - ok 21:00:26.0511 2784 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 21:00:26.0527 2784 amdsata - ok 21:00:26.0558 2784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:00:26.0574 2784 amdsbs - ok 21:00:26.0605 2784 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 21:00:26.0621 2784 amdxata - ok 21:00:26.0745 2784 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 21:00:26.0886 2784 AppID - ok 21:00:26.0964 2784 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:00:26.0979 2784 arc - ok 21:00:27.0011 2784 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:00:27.0042 2784 arcsas - ok 21:00:27.0182 2784 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 21:00:27.0291 2784 ASMMAP64 - ok 21:00:27.0307 2784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:00:27.0510 2784 AsyncMac - ok 21:00:27.0541 2784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 21:00:27.0557 2784 atapi - ok 21:00:27.0619 2784 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys 21:00:27.0697 2784 athr - ok 21:00:27.0853 2784 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 21:00:27.0869 2784 ATKWMIACPIIO - ok 21:00:28.0009 2784 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 21:00:28.0025 2784 avgntflt - ok 21:00:28.0056 2784 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys 21:00:28.0087 2784 avipbb - ok 21:00:28.0087 2784 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 21:00:28.0103 2784 avkmgr - ok 21:00:28.0165 2784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:00:28.0259 2784 b06bdrv - ok 21:00:28.0305 2784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:00:28.0368 2784 b57nd60a - ok 21:00:28.0415 2784 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:00:28.0477 2784 Beep - ok 21:00:28.0539 2784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:00:28.0602 2784 blbdrive - ok 21:00:28.0649 2784 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 21:00:28.0695 2784 bowser - ok 21:00:28.0727 2784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:00:28.0773 2784 BrFiltLo - ok 21:00:28.0773 2784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:00:28.0806 2784 BrFiltUp - ok 21:00:28.0852 2784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:00:28.0921 2784 Brserid - ok 21:00:28.0936 2784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:00:28.0983 2784 BrSerWdm - ok 21:00:28.0992 2784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:00:29.0037 2784 BrUsbMdm - ok 21:00:29.0047 2784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:00:29.0069 2784 BrUsbSer - ok 21:00:29.0130 2784 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 21:00:29.0199 2784 BthEnum - ok 21:00:29.0231 2784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:00:29.0278 2784 BTHMODEM - ok 21:00:29.0278 2784 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 21:00:29.0322 2784 BthPan - ok 21:00:29.0382 2784 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys 21:00:29.0458 2784 BTHPORT - ok 21:00:29.0536 2784 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys 21:00:29.0586 2784 BTHUSB - ok 21:00:29.0748 2784 catchme - ok 21:00:29.0843 2784 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:00:29.0922 2784 cdfs - ok 21:00:29.0969 2784 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 21:00:30.0000 2784 cdrom - ok 21:00:30.0078 2784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:00:30.0140 2784 circlass - ok 21:00:30.0218 2784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:00:30.0249 2784 CLFS - ok 21:00:30.0374 2784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:00:30.0421 2784 CmBatt - ok 21:00:30.0437 2784 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 21:00:30.0452 2784 cmdide - ok 21:00:30.0499 2784 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 21:00:30.0546 2784 CNG - ok 21:00:30.0577 2784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:00:30.0593 2784 Compbatt - ok 21:00:30.0608 2784 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 21:00:30.0655 2784 CompositeBus - ok 21:00:30.0702 2784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:00:30.0717 2784 crcdisk - ok 21:00:30.0811 2784 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 21:00:30.0889 2784 DfsC - ok 21:00:30.0920 2784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:00:30.0998 2784 discache - ok 21:00:31.0045 2784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:00:31.0061 2784 Disk - ok 21:00:31.0092 2784 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:00:31.0139 2784 drmkaud - ok 21:00:31.0201 2784 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 21:00:31.0232 2784 DXGKrnl - ok 21:00:31.0341 2784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:00:31.0482 2784 ebdrv - ok 21:00:31.0575 2784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:00:31.0622 2784 elxstor - ok 21:00:31.0622 2784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 21:00:31.0669 2784 ErrDev - ok 21:00:31.0716 2784 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys 21:00:31.0747 2784 ETD - ok 21:00:31.0794 2784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:00:31.0856 2784 exfat - ok 21:00:31.0887 2784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:00:31.0950 2784 fastfat - ok 21:00:31.0981 2784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:00:32.0012 2784 fdc - ok 21:00:32.0043 2784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:00:32.0059 2784 FileInfo - ok 21:00:32.0075 2784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:00:32.0168 2784 Filetrace - ok 21:00:32.0199 2784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:00:32.0231 2784 flpydisk - ok 21:00:32.0262 2784 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 21:00:32.0277 2784 FltMgr - ok 21:00:32.0293 2784 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:00:32.0309 2784 FsDepends - ok 21:00:32.0355 2784 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 21:00:32.0371 2784 fssfltr - ok 21:00:32.0418 2784 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:00:32.0449 2784 Fs_Rec - ok 21:00:32.0527 2784 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:00:32.0558 2784 fvevol - ok 21:00:32.0605 2784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:00:32.0621 2784 gagp30kx - ok 21:00:32.0683 2784 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:00:32.0699 2784 GEARAspiWDM - ok 21:00:32.0761 2784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:00:32.0808 2784 hcw85cir - ok 21:00:32.0839 2784 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 21:00:32.0901 2784 HdAudAddService - ok 21:00:32.0948 2784 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:00:33.0011 2784 HDAudBus - ok 21:00:33.0011 2784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:00:33.0042 2784 HidBatt - ok 21:00:33.0058 2784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:00:33.0073 2784 HidBth - ok 21:00:33.0104 2784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:00:33.0151 2784 HidIr - ok 21:00:33.0198 2784 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 21:00:33.0214 2784 HidUsb - ok 21:00:33.0260 2784 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 21:00:33.0276 2784 HpSAMD - ok 21:00:33.0307 2784 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 21:00:33.0385 2784 HTTP - ok 21:00:33.0401 2784 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 21:00:33.0416 2784 hwpolicy - ok 21:00:33.0432 2784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:00:33.0448 2784 i8042prt - ok 21:00:33.0494 2784 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys 21:00:33.0510 2784 iaStor - ok 21:00:33.0557 2784 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 21:00:33.0588 2784 iaStorV - ok 21:00:33.0869 2784 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:00:34.0259 2784 igfx - ok 21:00:34.0306 2784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:00:34.0321 2784 iirsp - ok 21:00:34.0462 2784 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys 21:00:34.0571 2784 IntcAzAudAddService - ok 21:00:34.0633 2784 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 21:00:34.0680 2784 IntcDAud - ok 21:00:34.0711 2784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 21:00:34.0711 2784 intelide - ok 21:00:34.0758 2784 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:00:34.0805 2784 intelppm - ok 21:00:34.0836 2784 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:00:34.0914 2784 IpFilterDriver - ok 21:00:34.0930 2784 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 21:00:34.0945 2784 IPMIDRV - ok 21:00:34.0961 2784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:00:34.0992 2784 IPNAT - ok 21:00:35.0039 2784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:00:35.0148 2784 IRENUM - ok 21:00:35.0148 2784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 21:00:35.0164 2784 isapnp - ok 21:00:35.0195 2784 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 21:00:35.0210 2784 iScsiPrt - ok 21:00:35.0242 2784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:00:35.0242 2784 kbdclass - ok 21:00:35.0257 2784 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 21:00:35.0304 2784 kbdhid - ok 21:00:35.0366 2784 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 21:00:35.0382 2784 kbfiltr - ok 21:00:35.0413 2784 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 21:00:35.0429 2784 KSecDD - ok 21:00:35.0460 2784 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 21:00:35.0460 2784 KSecPkg - ok 21:00:35.0491 2784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:00:35.0554 2784 ksthunk - ok 21:00:35.0600 2784 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:00:35.0694 2784 lltdio - ok 21:00:35.0725 2784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:00:35.0741 2784 LSI_FC - ok 21:00:35.0772 2784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:00:35.0772 2784 LSI_SAS - ok 21:00:35.0803 2784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:00:35.0803 2784 LSI_SAS2 - ok 21:00:35.0819 2784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:00:35.0834 2784 LSI_SCSI - ok 21:00:35.0850 2784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:00:35.0912 2784 luafv - ok 21:00:35.0990 2784 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 21:00:36.0022 2784 MBAMProtector - ok 21:00:36.0053 2784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:00:36.0053 2784 megasas - ok 21:00:36.0084 2784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:00:36.0100 2784 MegaSR - ok 21:00:36.0131 2784 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys 21:00:36.0146 2784 MEIx64 - ok 21:00:36.0146 2784 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:00:36.0209 2784 Modem - ok 21:00:36.0256 2784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:00:36.0287 2784 monitor - ok 21:00:36.0318 2784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:00:36.0334 2784 mouclass - ok 21:00:36.0365 2784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:00:36.0396 2784 mouhid - ok 21:00:36.0443 2784 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 21:00:36.0443 2784 mountmgr - ok 21:00:36.0458 2784 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 21:00:36.0474 2784 mpio - ok 21:00:36.0505 2784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:00:36.0568 2784 mpsdrv - ok 21:00:36.0599 2784 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 21:00:36.0646 2784 MRxDAV - ok 21:00:36.0677 2784 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:00:36.0739 2784 mrxsmb - ok 21:00:36.0786 2784 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:00:36.0833 2784 mrxsmb10 - ok 21:00:36.0880 2784 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:00:36.0926 2784 mrxsmb20 - ok 21:00:36.0973 2784 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 21:00:36.0989 2784 msahci - ok 21:00:37.0020 2784 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 21:00:37.0036 2784 msdsm - ok 21:00:37.0067 2784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:00:37.0114 2784 Msfs - ok 21:00:37.0160 2784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:00:37.0238 2784 mshidkmdf - ok 21:00:37.0270 2784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 21:00:37.0270 2784 msisadrv - ok 21:00:37.0316 2784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:00:37.0363 2784 MSKSSRV - ok 21:00:37.0363 2784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:00:37.0426 2784 MSPCLOCK - ok 21:00:37.0426 2784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:00:37.0472 2784 MSPQM - ok 21:00:37.0519 2784 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 21:00:37.0550 2784 MsRPC - ok 21:00:37.0566 2784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 21:00:37.0582 2784 mssmbios - ok 21:00:37.0582 2784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:00:37.0628 2784 MSTEE - ok 21:00:37.0628 2784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:00:37.0675 2784 MTConfig - ok 21:00:37.0691 2784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:00:37.0706 2784 Mup - ok 21:00:37.0738 2784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:00:37.0784 2784 NativeWifiP - ok 21:00:37.0847 2784 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys 21:00:37.0894 2784 NDIS - ok 21:00:37.0909 2784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:00:37.0972 2784 NdisCap - ok 21:00:38.0003 2784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:00:38.0065 2784 NdisTapi - ok 21:00:38.0096 2784 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 21:00:38.0128 2784 Ndisuio - ok 21:00:38.0159 2784 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:00:38.0221 2784 NdisWan - ok 21:00:38.0268 2784 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 21:00:38.0346 2784 NDProxy - ok 21:00:38.0377 2784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:00:38.0424 2784 NetBIOS - ok 21:00:38.0486 2784 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 21:00:38.0580 2784 NetBT - ok 21:00:38.0627 2784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:00:38.0642 2784 nfrd960 - ok 21:00:38.0674 2784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:00:38.0720 2784 Npfs - ok 21:00:38.0736 2784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:00:38.0814 2784 nsiproxy - ok 21:00:38.0892 2784 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 21:00:38.0986 2784 Ntfs - ok 21:00:39.0001 2784 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:00:39.0064 2784 Null - ok 21:00:39.0391 2784 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:00:39.0797 2784 nvlddmkm - ok 21:00:39.0828 2784 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys 21:00:39.0828 2784 nvpciflt - ok 21:00:39.0859 2784 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 21:00:39.0875 2784 nvraid - ok 21:00:39.0906 2784 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 21:00:39.0906 2784 nvstor - ok 21:00:39.0984 2784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 21:00:39.0984 2784 nv_agp - ok 21:00:40.0000 2784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 21:00:40.0031 2784 ohci1394 - ok 21:00:40.0078 2784 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:00:40.0109 2784 Parport - ok 21:00:40.0140 2784 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 21:00:40.0156 2784 partmgr - ok 21:00:40.0187 2784 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 21:00:40.0202 2784 pci - ok 21:00:40.0218 2784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:00:40.0234 2784 pciide - ok 21:00:40.0249 2784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:00:40.0265 2784 pcmcia - ok 21:00:40.0296 2784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:00:40.0296 2784 pcw - ok 21:00:40.0327 2784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:00:40.0390 2784 PEAUTH - ok 21:00:40.0468 2784 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 21:00:40.0561 2784 PptpMiniport - ok 21:00:40.0577 2784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:00:40.0624 2784 Processor - ok 21:00:40.0655 2784 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 21:00:40.0702 2784 Psched - ok 21:00:40.0780 2784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:00:40.0873 2784 ql2300 - ok 21:00:40.0873 2784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:00:40.0889 2784 ql40xx - ok 21:00:40.0904 2784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:00:40.0982 2784 QWAVEdrv - ok 21:00:41.0014 2784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:00:41.0060 2784 RasAcd - ok 21:00:41.0107 2784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:00:41.0201 2784 RasAgileVpn - ok 21:00:41.0232 2784 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:00:41.0263 2784 Rasl2tp - ok 21:00:41.0294 2784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:00:41.0372 2784 RasPppoe - ok 21:00:41.0388 2784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:00:41.0482 2784 RasSstp - ok 21:00:41.0513 2784 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 21:00:41.0544 2784 rdbss - ok 21:00:41.0560 2784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:00:41.0606 2784 rdpbus - ok 21:00:41.0638 2784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:00:41.0716 2784 RDPCDD - ok 21:00:41.0747 2784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:00:41.0809 2784 RDPENCDD - ok 21:00:41.0840 2784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:00:41.0918 2784 RDPREFMP - ok 21:00:41.0934 2784 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 21:00:41.0981 2784 RDPWD - ok 21:00:42.0012 2784 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys 21:00:42.0028 2784 rdyboost - ok 21:00:42.0090 2784 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 21:00:42.0121 2784 RFCOMM - ok 21:00:42.0152 2784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:00:42.0230 2784 rspndr - ok 21:00:42.0293 2784 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys 21:00:42.0308 2784 RSUSBVSTOR - ok 21:00:42.0340 2784 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:00:42.0355 2784 RTL8167 - ok 21:00:42.0386 2784 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 21:00:42.0402 2784 sbp2port - ok 21:00:42.0449 2784 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 21:00:42.0542 2784 scfilter - ok 21:00:42.0574 2784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:00:42.0667 2784 secdrv - ok 21:00:42.0714 2784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:00:42.0745 2784 Serenum - ok 21:00:42.0776 2784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:00:42.0808 2784 Serial - ok 21:00:42.0823 2784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:00:42.0839 2784 sermouse - ok 21:00:42.0854 2784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 21:00:42.0886 2784 sffdisk - ok 21:00:42.0901 2784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 21:00:42.0932 2784 sffp_mmc - ok 21:00:42.0948 2784 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:00:42.0964 2784 sffp_sd - ok 21:00:42.0964 2784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:00:42.0979 2784 sfloppy - ok 21:00:43.0073 2784 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys 21:00:43.0120 2784 Sftfs - ok 21:00:43.0182 2784 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys 21:00:43.0213 2784 Sftplay - ok 21:00:43.0229 2784 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys 21:00:43.0244 2784 Sftredir - ok 21:00:43.0260 2784 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys 21:00:43.0260 2784 Sftvol - ok 21:00:43.0307 2784 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 21:00:43.0322 2784 SiSGbeLH - ok 21:00:43.0354 2784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:00:43.0369 2784 SiSRaid2 - ok 21:00:43.0385 2784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:00:43.0400 2784 SiSRaid4 - ok 21:00:43.0416 2784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:00:43.0478 2784 Smb - ok 21:00:43.0510 2784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:00:43.0525 2784 spldr - ok 21:00:43.0556 2784 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 21:00:43.0619 2784 srv - ok 21:00:43.0650 2784 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 21:00:43.0697 2784 srv2 - ok 21:00:43.0744 2784 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 21:00:43.0775 2784 srvnet - ok 21:00:43.0837 2784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:00:43.0853 2784 stexstor - ok 21:00:43.0915 2784 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 21:00:43.0946 2784 StillCam - ok 21:00:43.0978 2784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 21:00:43.0993 2784 swenum - ok 21:00:44.0102 2784 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 21:00:44.0212 2784 Tcpip - ok 21:00:44.0258 2784 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 21:00:44.0290 2784 TCPIP6 - ok 21:00:44.0321 2784 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 21:00:44.0368 2784 tcpipreg - ok 21:00:44.0399 2784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:00:44.0461 2784 TDPIPE - ok 21:00:44.0477 2784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:00:44.0508 2784 TDTCP - ok 21:00:44.0539 2784 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 21:00:44.0602 2784 tdx - ok 21:00:44.0633 2784 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 21:00:44.0633 2784 TermDD - ok 21:00:44.0664 2784 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:00:44.0726 2784 tssecsrv - ok 21:00:44.0773 2784 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 21:00:44.0820 2784 tunnel - ok 21:00:44.0851 2784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:00:44.0867 2784 uagp35 - ok 21:00:44.0867 2784 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 21:00:44.0929 2784 udfs - ok 21:00:44.0960 2784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 21:00:44.0992 2784 uliagpkx - ok 21:00:45.0007 2784 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 21:00:45.0054 2784 umbus - ok 21:00:45.0054 2784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:00:45.0085 2784 UmPass - ok 21:00:45.0132 2784 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys 21:00:45.0194 2784 usbccgp - ok 21:00:45.0226 2784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 21:00:45.0257 2784 usbcir - ok 21:00:45.0288 2784 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys 21:00:45.0335 2784 usbehci - ok 21:00:45.0366 2784 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys 21:00:45.0413 2784 usbhub - ok 21:00:45.0460 2784 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys 21:00:45.0506 2784 usbohci - ok 21:00:45.0538 2784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:00:45.0584 2784 usbprint - ok 21:00:45.0616 2784 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:00:45.0694 2784 USBSTOR - ok 21:00:45.0725 2784 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys 21:00:45.0772 2784 usbuhci - ok 21:00:45.0803 2784 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 21:00:45.0865 2784 usbvideo - ok 21:00:45.0896 2784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 21:00:45.0912 2784 vdrvroot - ok 21:00:45.0943 2784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:00:45.0959 2784 vga - ok 21:00:45.0990 2784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:00:46.0052 2784 VgaSave - ok 21:00:46.0052 2784 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 21:00:46.0068 2784 vhdmp - ok 21:00:46.0084 2784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 21:00:46.0084 2784 viaide - ok 21:00:46.0115 2784 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 21:00:46.0130 2784 volmgr - ok 21:00:46.0146 2784 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 21:00:46.0162 2784 volmgrx - ok 21:00:46.0193 2784 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 21:00:46.0208 2784 volsnap - ok 21:00:46.0255 2784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:00:46.0271 2784 vsmraid - ok 21:00:46.0286 2784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:00:46.0318 2784 vwifibus - ok 21:00:46.0349 2784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:00:46.0380 2784 vwififlt - ok 21:00:46.0442 2784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:00:46.0489 2784 WacomPen - ok 21:00:46.0520 2784 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:00:46.0583 2784 WANARP - ok 21:00:46.0598 2784 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:00:46.0630 2784 Wanarpv6 - ok 21:00:46.0692 2784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:00:46.0692 2784 Wd - ok 21:00:46.0723 2784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:00:46.0754 2784 Wdf01000 - ok 21:00:46.0786 2784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:00:46.0832 2784 WfpLwf - ok 21:00:46.0895 2784 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys 21:00:46.0910 2784 WimFltr - ok 21:00:46.0942 2784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:00:46.0957 2784 WIMMount - ok 21:00:47.0020 2784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:00:47.0051 2784 WmiAcpi - ok 21:00:47.0098 2784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:00:47.0144 2784 ws2ifsl - ok 21:00:47.0176 2784 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 21:00:47.0254 2784 WudfPf - ok 21:00:47.0269 2784 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:00:47.0316 2784 WUDFRd - ok 21:00:47.0363 2784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:00:47.0456 2784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 21:00:47.0456 2784 \Device\Harddisk0\DR0 - detected TDSS File System (1) 21:00:47.0472 2784 Boot (0x1200) (36f051b353f0e2e5b500817ef97c9750) \Device\Harddisk0\DR0\Partition0 21:00:47.0472 2784 \Device\Harddisk0\DR0\Partition0 - ok 21:00:47.0488 2784 Boot (0x1200) (8558885ac146a853f9aa57c214e29368) \Device\Harddisk0\DR0\Partition1 21:00:47.0488 2784 \Device\Harddisk0\DR0\Partition1 - ok 21:00:47.0488 2784 ============================================================ 21:00:47.0488 2784 Scan finished 21:00:47.0488 2784 ============================================================ 21:00:47.0534 5288 Detected object count: 1 21:00:47.0534 5288 Actual detected object count: 1 21:01:57.0993 5288 \Device\Harddisk0\DR0\TDLFS - deleted 21:01:57.0993 5288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete |
15.11.2011, 09:31 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/verstecktZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt |
alternate, antivir, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, computer, computern, converter, desktop, entfernen, error, festplatte, firefox, focus, google, helper, home, logfile, mp3, nodrives, nvpciflt.sys, plug-in, programm, realtek, registry, safer networking, scan, software, studio, system, version=2.0, virus, windows, zeon/pdf |